clear-context
Warn
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: MEDIUM
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains explicit instructions to override standard safety behavior. It directs the agent to "DO NOT pause for user confirmation" and "Continue without user prompts" if specific modes like 'dangerous' or 'unattended' are detected. This effectively bypasses the human-in-the-loop safety constraint.
- [COMMAND_EXECUTION]: The skill facilitates the automated execution of tasks through subagents by propagating execution flags. It instructs continuation agents to inherit and maintain "dangerous" or "unattended" modes, which are designed to skip permission prompts for shell commands and other potentially risky operations.
- [PROMPT_INJECTION]: The skill relies on a local file (`.claude/session-state.md`) to define the instructions and context for continuation subagents. This creates an attack surface where a project containing a malicious state file could influence the agent's behavior, especially given the instructions to execute remaining tasks until completion without stopping for user feedback.
- [PROMPT_INJECTION]: The instructions for the subagent include a directive to "only stop on actual errors or when all work is done," which encourages the agent to proceed through a sequence of operations without pause or review, even for tasks that would normally require a checkpoint.