claude-skill
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill orchestrates complex workflows using `tmux`, `git`, and the `claude` CLI. It specifically encourages the use of the `--dangerously-skip-permissions` flag, which allows the underlying AI agent to execute arbitrary shell commands and perform file modifications without any manual approval or oversight. This configuration significantly increases the risk of the agent performing unintended or destructive actions if it receives malicious instructions.
- [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of instructions and commands generated by a remote large language model by providing an automation wrapper for the `claude-code` utility.
- [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection during its multi-model code review phase (Step 6). It processes untrusted data from git diffs and passes it directly to LLMs without isolation or sanitization.
  1. Ingestion points: Git diff data obtained via `gh pr diff` in `SKILL.md`.
  2. Boundary markers: None identified in the provided review prompts.
  3. Capability inventory: Full shell access through `tmux`, `git` for repository manipulation, and the `claude` CLI for file edits.
  4. Sanitization: No sanitization, escaping, or validation of the diff content is performed before it is processed by the reviewer models.
- [EXTERNAL_DOWNLOADS]: The skill references the installation of the `@anthropic-ai/claude-code` package. This is a legitimate utility provided by Anthropic, which is a recognized and trusted organization.
Audit Metadata