claude-agent-sdk

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a developer resource containing documentation and templates for the Claude Agent SDK. All code examples are safe and follow established SDK patterns.
  • [COMMAND_EXECUTION]: The skill documents the use of the Bash tool while providing extensive examples of security filters to block high-risk commands.
  • [PROMPT_INJECTION]: It provides guidance on using system prompt presets to maintain agent behavior and avoid injection.
  • [DYNAMIC_EXECUTION]: Documentation examples use eval() for calculators but include explicit warnings to use safe libraries in production.
  • [EXTERNAL_DOWNLOADS]: Dependencies are restricted to legitimate packages like claude-agent-sdk.
  • [INDIRECT_PROMPT_INJECTION]: The skill documents tools that process untrusted external data (WebFetch) and provides detailed remediation via hooks. Ingestion points: WebFetch and WebSearch tools; Boundary markers: System prompt presets (claude_code); Capability inventory: Bash, Write, Edit, and Task tools; Sanitization: Pre-tool and Post-tool hooks and permission callbacks.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 01:33 PM