Claude SDK Expert
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION
REMOTE_CODE_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the creation of agents that can run arbitrary terminal commands through the 'bash' tool and 'computer_use' functions in 'resources/code-examples.py'.
- [REMOTE_CODE_EXECUTION]: The MCP integration example demonstrates dynamic code execution by using 'npx' to download and run the '@modelcontextprotocol/server-github' package.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where agents ingest untrusted external data and possess high-privilege capabilities.
  - Ingestion points: Data is ingested via 'WebFetch', 'WebSearch', and file read operations as specified in 'SKILL.md'.
  - Boundary markers: The provided code examples do not demonstrate the use of delimiters or 'ignore' instructions to isolate untrusted content.
  - Capability inventory: The agent is equipped with 'bash' command execution and 'file_operations' for writing and editing files.
  - Sanitization: The 'sanitize_bash_command' function in 'resources/code-examples.py' uses a basic denylist for specific command strings, which is insufficient to prevent sophisticated command injection attacks.
Audit Metadata