auto-claude-cli

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill references the installation of the @anthropic-ai/claude-code package via npm. Per [TRUST-SCOPE-RULE], this is a trusted organization (Anthropic), so the finding is downgraded to LOW.
  • [COMMAND_EXECUTION] (LOW): The skill provides instructions for executing local Python scripts (spec_runner.py, run.py, validate_spec.py) and basic shell commands. These operations are core to the skill's intended purpose as a CLI reference.
  • [PROMPT_INJECTION] (LOW): The framework described facilitates the processing of untrusted data, which presents a surface for indirect prompt injection.
    1. Ingestion points: Untrusted data enters via the --task CLI argument in spec_runner.py and through the HUMAN_INPUT.md file.
    2. Boundary markers: No boundary markers or 'ignore' instructions are mentioned in the provided documentation.
    3. Capability inventory: The scripts can modify local files, manage Git worktrees, and execute build/test commands (npm run dev).
    4. Sanitization: No evidence of input sanitization or validation is present in the skill documentation.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:26 PM