claude-code-dispatch

Warn

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the bash tool to run claude with the --dangerously-skip-permissions flag. This bypasses the security model of the CLI tool, allowing it to perform actions like file deletion or command execution without requiring human confirmation.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates task descriptions directly into the sub-agent's command-line prompt. An attacker could provide a task description containing malicious instructions that the sub-agent will execute autonomously due to the disabled safety checks.
      • Ingestion points: The task description argument (-p) in the CLI call.
      • Boundary markers: None; the input is not enclosed in delimiters that would signal the end of untrusted content.
      • Capability inventory: File system access and command execution through the bash tool.
      • Sanitization: The skill does not perform any escaping or verification of the task description before execution.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 19, 2026, 01:26 PM