claude-code
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for running the `claude` CLI with high-privilege flags such as `--dangerously-skip-permissions` and `--permission-mode acceptEdits`. These flags let the tool write files and execute shell commands without the standard approval prompts. Although the instructions include warnings to seek user approval, the skill's primary function is to automate command execution.
- [DATA_EXPOSURE]: Multiple files in the skill (SKILL.md, SKILL.ko.md) contain absolute local file system paths belonging to the author (e.g., /Users/alpox/Desktop/dev/kood/hypercore/...). This leaks metadata about the author's development environment and internal directory structure.
- [INDIRECT_PROMPT_INJECTION]: The skill's core purpose is to ingest and process external data (source code repositories) through an AI CLI tool. This creates an attack surface in which untrusted content in a repository could influence the agent's behavior via the tool's output.
- Ingestion points: External repositories and files processed by the `claude` CLI.
- Boundary markers: Uses the `-p` flag for prompt encapsulation, but skips workspace trust dialogs in print mode.
- Capability inventory: File system modification and shell execution via the underlying CLI tool.
- Sanitization: No sanitization or verification of external repository content is mentioned.
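The checks behind the COMMAND_EXECUTION and DATA_EXPOSURE findings above, and the print-mode boundary note, can be reproduced mechanically. The following is an added example, not code from Gen Agent Trust Hub or from the audited skill: a small linter that scans a skill's instruction text for the permission-bypassing `claude` flags, for `claude -p` / `--print` invocations (print mode skips the workspace trust dialog), and for absolute home-directory paths. The `SAMPLE_SKILL_MD` text and the path it contains are constructed for illustration; the `PRINT_MODE` category is this example's own label, while the other two category names follow the report.

```python
"""Lint a skill's instruction files for the risk markers named in the audit.

Added example; not part of the Gen Agent Trust Hub report or the audited skill.
The sample SKILL.md content below is constructed for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Claude Code flags that remove or weaken the approval prompts around
# file writes and shell execution.
RISKY_FLAGS = {
    "--dangerously-skip-permissions": "all permission prompts disabled",
    "--permission-mode bypassPermissions": "all permission prompts disabled",
    "--permission-mode acceptEdits": "file edits auto-approved",
}

# A `claude` invocation in print mode (-p / --print), which skips the
# workspace trust dialog, as the audit's boundary-marker note states.
PRINT_MODE_RE = re.compile(r"\bclaude\b.*?\s(?:-p|--print)\b")

# Absolute user-home paths (macOS, Linux, Windows) that leak author metadata.
HOME_PATH_RE = re.compile(
    r"(?:/Users/[^/\s]+/\S*|/home/[^/\s]+/\S*|[A-Za-z]:\\Users\\[^\\\s]+\\\S*)"
)


@dataclass(frozen=True)
class Finding:
    category: str   # COMMAND_EXECUTION, PRINT_MODE or DATA_EXPOSURE
    line_no: int    # 1-based line in the scanned text
    evidence: str   # the matched flag or path, with a short reason


def lint_skill(text: str) -> list[Finding]:
    """Return one Finding per risk marker found, in line order."""
    findings: list[Finding] = []
    for n, line in enumerate(text.splitlines(), start=1):
        for flag, why in RISKY_FLAGS.items():
            if flag in line:
                findings.append(Finding("COMMAND_EXECUTION", n, f"{flag}: {why}"))
        if PRINT_MODE_RE.search(line):
            findings.append(Finding("PRINT_MODE", n,
                                    "print mode skips the workspace trust dialog"))
        for m in HOME_PATH_RE.finditer(line):
            findings.append(Finding("DATA_EXPOSURE", n, m.group(0)))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, e.g. {'COMMAND_EXECUTION': 2, ...}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Constructed SKILL.md excerpt (hypothetical skill, hypothetical path).
SAMPLE_SKILL_MD = """# Review skill
Run the review with:
    claude -p "review this repo" --permission-mode acceptEdits
For a full run use:
    claude -p "fix everything" --dangerously-skip-permissions
Example project: /Users/alice/Desktop/dev/example-project/src
Always ask the user before applying changes.
"""

if __name__ == "__main__":
    for f in lint_skill(SAMPLE_SKILL_MD):
        print(f"line {f.line_no}: [{f.category}] {f.evidence}")
    print(summarize(lint_skill(SAMPLE_SKILL_MD)))
```

Run against a real skill directory by feeding each SKILL*.md file's contents to `lint_skill`; the warning text "ask the user before applying changes" in the sample does not suppress the findings, which mirrors the audit's point that a stated approval policy does not change what the flags permit.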
Audit Metadata