call-claude
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill is vulnerable to shell command injection via the `{task_description}` variable. Since the input is interpolated directly into a bash heredoc without sanitization, an attacker can provide a payload containing the `EOT` delimiter to terminate the heredoc and execute arbitrary shell commands on the host system.
- [COMMAND_EXECUTION] (HIGH): The skill explicitly uses the `--dangerously-skip-permissions` flag with the `claude` CLI tool. This flag is designed to bypass built-in security safeguards and permission prompts, allowing the tool to perform potentially harmful or unauthorized actions without user oversight.
- [PROMPT_INJECTION] (LOW): The skill enables indirect prompt injection by passing unvalidated external content to a command-line interface with elevated permissions.
  - Ingestion points: `{task_description}` variable in `SKILL.md`.
  - Boundary markers: Uses `<<EOT` heredoc syntax, which is bypassable in this implementation.
  - Capability inventory: Execution of system commands and potential for full shell access via injection.
  - Sanitization: No input validation or escaping is applied to the task description content.
Recommendations
- AI detected serious security threats
Audit Metadata