claude-code

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands via the claude CLI to automate development workflows. This includes using the -p flag for one-shot tasks and managing interactive sessions, which is the primary intended function of the tool.
  • [EXTERNAL_DOWNLOADS]: The documentation references the installation of the @anthropic-ai/claude-code package from the official npm registry. This is a reference to an official tool from a well-known service.
  • [PROMPT_INJECTION]: The skill allows the agent to process project-specific files like CLAUDE.md and source code, which constitutes an indirect prompt injection surface.
      • Ingestion points: Project files, git diffs, and configuration files (e.g., CLAUDE.md) read by the CLI.
      • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are provided in the skill text.
      • Capability inventory: The skill uses a bash tool to run commands that can modify the file system and execute further shell instructions.
      • Sanitization: No specific sanitization or filtering of input data is mentioned.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 11, 2026, 06:14 PM