claude-api
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches latest API documentation, model catalogs, and pricing information from official Anthropic and Claude platforms (platform.claude.com).
- [COMMAND_EXECUTION]: Provides instructions and tools for executing shell commands and performing local file modifications through the Agent SDK's built-in tools like `Bash`, `Edit`, and `Write`.
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection due to its data ingestion capabilities.
  - Ingestion points: The skill is designed to read external documentation via `WebFetch` (URLs listed in `shared/live-sources.md`) and local project files using the `Read`, `Glob`, and `Grep` tools.
  - Boundary markers: The skill body does not specify explicit delimiters or markers to separate untrusted data from system instructions during tool use.
  - Capability inventory: Includes subprocess execution (`Bash`), filesystem writes (`Write`, `Edit`), and the ability to spawn subagents (`Agent`).
  - Sanitization: File analysis instructions in `python/claude-api/tool-use.md` correctly recommend the use of `os.path.basename()` to mitigate path traversal risks when handling output files.
- [REMOTE_CODE_EXECUTION]: Implementation examples include the use of `npx` to dynamically download and execute Model Context Protocol (MCP) servers from official repositories such as Playwright and the Model Context Protocol organization.
Audit Metadata