cc
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands including ls, find, and grep during its 'Step 0: Project Status Perception' phase to scan the local wiki/ directory. These commands are used to identify the presence of documentation and the status of various project items.
- [COMMAND_EXECUTION]: The skill instructions specify that the agent should use a local script, read-yaml.mjs, located in a sub-skill directory (cc-init/references/tools/), to extract fields from YAML files rather than reading them directly.
- [PROMPT_INJECTION]: The skill identifies and processes data from the wiki/ directory to guide its routing logic. Maliciously crafted metadata or status fields within these project files could influence the agent's workflow transitions.
  - Ingestion points: The wiki/ directory and its subdirectories (e.g., requirements/, features/, roadmaps/) are scanned for status markers and stale flags.
  - Boundary markers: No explicit delimiters or instruction-bypass warnings are defined in the routing logic.
  - Capability inventory: Uses ls, find, and grep to inspect files and routes execution to other sub-skills (e.g., cc-spec, cc-fix) based on the findings.
  - Sanitization: The skill does not define sanitization or validation routines for the content read from the wiki/ files before using it for routing decisions.
Audit Metadata