claude
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs and executes shell commands using the
claudeCLI. It interpolates user-provided values such as model names, permission modes, and natural language prompts directly into shell command strings (SKILL.md). - [COMMAND_EXECUTION]: Explicitly supports the
--permission-mode bypassPermissionsflag, which enables the underlying tool to perform file modifications and command executions without per-action user confirmation (SKILL.md). - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks (Category 8). 1. Ingestion points: Reads local source code and context files provided by the user or agent. 2. Boundary markers: No explicit delimiters or instructions are used to separate untrusted file content from the command-line arguments. 3. Capability inventory: Execution of the
claudeCLI, which can modify the filesystem and run subprocesses (SKILL.md). 4. Sanitization: There is no evidence of sanitization or escaping applied to user-provided content before it is interpolated into shell commands.
Audit Metadata