run-claude
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Tags: PROMPT_INJECTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: The skill defines a tool that accepts `prompt` and `systemPrompt` parameters intended to be populated from the conversation context. This creates a vulnerability to indirect prompt injection if the context contains data from untrusted sources.
  - Ingestion points: The `prompt` and `systemPrompt` arguments of the `mcp__plugin_headless-knight_runCLI__claude` tool.
  - Boundary markers: None identified; no delimiters or instructions to ignore embedded content are present.
  - Capability inventory: The skill supports complex programming, planning, and writing tasks, implying significant filesystem or system access within the execution environment.
  - Sanitization: No sanitization or validation of the input strings is described.
- [COMMAND_EXECUTION]: The tool name `runCLI__claude` and the ability to define an `env` object allow for manipulation of the execution environment. Specifically, the `CODE_ENV`/`CLAUDE_CODE_COMMAND` environment variable allows specifying the path to the executable, which could be abused to execute malicious binaries if the input is influenced by an attacker.
- [CREDENTIALS_UNSAFE]: The documentation provides instructions for handling the `ANTHROPIC_API_KEY` within the skill's environment. While no keys are hardcoded in the file, the architecture encourages passing sensitive API credentials through a generic environment object (`env`), which increases the risk of credential exposure to sub-processes or through logging.
Audit Metadata