cc-actions
Warn
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documents the use of lifecycle hooks such as
PreToolUseandPostToolUsethat execute shell commands to perform validation and formatting. For instance,patterns/hooks.mdshows tool input being piped into shell commands usingjqandxargsto run linters or formatters. - [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data from GitHub events, such as pull request descriptions, issue bodies, and comments, which are then interpolated into agent prompts. Documentation in
official-docs/security.mdacknowledges this risk and suggests sanitization techniques. - [EXTERNAL_DOWNLOADS]: Multiple examples in
examples/README.mdandofficial-docs/configuration.mddemonstrate the use ofnpxto download and execute Model Context Protocol (MCP) servers and development tools like Prettier and ESLint at runtime. - [REMOTE_CODE_EXECUTION]: The combination of dynamic command execution in hooks and the ability to fetch and run external packages via
npxconstitutes a potential remote code execution vector if tool inputs are manipulated through indirect prompt injection.
Audit Metadata