claude-code
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious code, obfuscation, or persistence mechanisms were detected. The skill provides documentation for a tool from a trusted organization.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the official @anthropic-ai/claude-code CLI from NPM, which is a trusted source from a well-known organization.
- [COMMAND_EXECUTION]: Provides instructions for the agent to execute the claude CLI. This is the primary purpose of the skill and is intended behavior for coding automation.
- [PROMPT_INJECTION]: The skill facilitates the use of the claude tool which processes external codebase data and configuration files like CLAUDE.md. This constitutes an indirect prompt injection surface where a project could influence the tool's behavior. 1. Ingestion points: codebase files, CLAUDE.md. 2. Boundary markers: Not specified in wrapper. 3. Capability inventory: Command execution and file system access via the wrapped tool. 4. Sanitization: Not specified.
Audit Metadata