skills/corygabrielsen/skills/fork/Gen Agent Trust Hub

fork

Fail

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill's primary function is the dynamic generation of shell commands (e.g., claude --dangerously-skip-permissions ...) intended for manual execution by the user in a terminal.
  • [PROMPT_INJECTION]: The instructions command the agent to check its own permission context and, if elevated, proactively include the '--dangerously-skip-permissions' flag in the generated command. This constitutes an intentional attempt to bypass safety constraints and user confirmation prompts in subsequent agent sessions.
  • [PROMPT_INJECTION]: The skill facilitates an indirect injection vulnerability by aggregating potentially untrusted conversation content (files, decisions, and findings) into a summary used as the prompt for the forked session. Evidence: (1) Ingestion point is the synthesis of conversation memory and files; (2) Boundary markers such as 'ignore instructions' delimiters are absent from the generated output; (3) Capability inventory includes the full feature set of the 'claude' CLI; (4) Sanitization is strictly limited to shell-level character escaping and does not filter the instructional content of the synthesized prompt.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 23, 2026, 10:12 AM