coc-480buy-card
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is configured to fetch its core engine from an external GitHub repository (https://github.com/tanis90/coc-cardwright.git) which is the author's own infrastructure. This is documented in the ENGINE_REPO.txt file and used by the agent during setup.
- [REMOTE_CODE_EXECUTION]: The skill instructions guide the AI agent to clone the remote repository and perform a local installation using 'pip install -e'. This results in the execution of code downloaded from the internet on the host system to provide the character generation functionality.
- [COMMAND_EXECUTION]: The skill requires the agent to run multiple shell commands to manage the environment and generate output, specifically 'git' for cloning the repository, 'pip' for package management, and a custom 'coc' CLI tool for data validation and HTML rendering.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes untrusted user input (character descriptions and concepts) which is then passed to the CLI tool and formatted into files.
- Ingestion points: User prompts describing character identity, traits, and background (SKILL.md).
- Boundary markers: The skill enforces a strict JSON schema for character data and provides detailed field requirements to delimit user content.
- Capability inventory: The agent has access to shell execution for 'git', 'pip', and the 'coc' CLI (SKILL.md).
- Sanitization: The skill mandates the use of 'coc verify' to validate all generated data against rule-based constraints before rendering, which helps sanitize numerical and structural data.
Audit Metadata