claude-headless-mode
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- PROMPT_INJECTION (LOW): The documented usage patterns (e.g., `claude -p "Review $file"`) describe how to process external, untrusted data, which is a known surface for indirect prompt injection.
  - Ingestion points: File redirection (`< file.py`) and shell variable interpolation in documented command examples.
  - Boundary markers: Absent; usage examples do not provide delimiters or instructions to ignore embedded commands in input files.
  - Capability inventory: The CLI tool described possesses capabilities for file modification and task management via tools like `TaskUpdate`.
  - Sanitization: No input sanitization or validation techniques are mentioned in the guide.
- NO_CODE (SAFE): The skill consists exclusively of Markdown documentation and does not contain any executable scripts or binaries.
Audit Metadata