skill-permissions
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill is designed to modify ~/.claude/settings.json, specifically the permissions.allow section. This allows it to grant persistent bash execution capabilities to other skills.
- [COMMAND_EXECUTION] (HIGH): The /skill-permissions inject command explicitly states it can batch modify all SKILL.md files in the user's directory, which is a high-risk operation for file integrity and potential persistence of malicious instructions.
- [PROMPT_INJECTION] (MEDIUM): By scanning other SKILL.md files for bash patterns to create allow-rules, this skill is vulnerable to Indirect Prompt Injection. A malicious skill could include a specifically crafted bash-like pattern in its markdown that this skill might parse and add to the global settings.json allowlist, bypassing intended security boundaries.
- [COMMAND_EXECUTION] (LOW): The skill uses find and cat commands on the ~/.claude/ directory. While these are used for its primary purpose, accessing hidden configuration directories is a sensitive operation.
Recommendations
- AI detected serious security threats
Audit Metadata