claude-cli-agent

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill orchestrates tasks by executing shell commands that pipe data into and out of the claude CLI (e.g., cat <PERSONA_PROMPT> | claude -p "..." < <INPUT> > <OUTPUT>). Note that, as written, the < <INPUT> redirection replaces the stdin supplied by the pipe, so only one of the two sources actually reaches claude.
  • [COMMAND_EXECUTION]: It explicitly recommends the --dangerously-skip-permissions flag when invoking the claude CLI. The flag disables the tool's interactive permission prompts, so the sub-agent reads files and runs commands without any manual approval; with untrusted data in the context (see PROMPT_INJECTION below), that removes the only human checkpoint between a hostile document and the Bash tool.
  • [EXTERNAL_DOWNLOADS]: The documentation references the installation of external software, specifically the @anthropic-ai/claude-code CLI tool via NPM and Python dependencies via pip.
  • [PROMPT_INJECTION]: The skill's architecture is susceptible to indirect prompt injection because it is designed to ingest and process untrusted external data (such as logs and documents) through an LLM-based sub-agent.
      • Ingestion points: Data enters the sub-agent context via the shell redirection placeholders (e.g., <INPUT>) defined in SKILL.md.
      • Boundary markers: The instructions suggest including isolation strings in prompts (e.g., 'Do NOT use tools. Do NOT search filesystem.') to define the sub-agent's operational boundaries. These are natural-language instructions the model is asked to follow, not restrictions the CLI enforces; injected text in the ingested data can argue against them.
      • Capability inventory: The skill has access to the Bash, Read, and Write tools as declared in its YAML frontmatter.
      • Sanitization: There is no mention of data sanitization or input validation on the external content before it is passed to the CLI sub-agent.
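The following wrapper is an added example, not code from the skill or from the Trust Hub audit. It shows the two controls the findings above point at: the untrusted document is fenced between boundary markers (with any marker that already occurs inside the document defanged, so the data cannot close the fence early), and tool access is denied on the command line rather than with --dangerously-skip-permissions. It assumes that `claude -p` takes the prompt as its argument and appends stdin as context, and that `--disallowedTools` accepts a list of tool names; both are documented Claude Code flags at the time of writing, but the accepted list syntax (space- or comma-separated) and the tool names should be checked against `claude --help` for the installed version. The marker strings, the replacement text and the persona file layout are arbitrary choices made here.

```shell
#!/bin/sh
# Added example, not part of the skill or of the Trust Hub audit: run the claude
# CLI as a tool-less sub-agent over an untrusted document.
# Assumed (check `claude --help` for your version): `-p` reads the prompt from
# its argument and appends stdin as context, and `--disallowedTools` takes a
# list of tool names to refuse. Marker strings and defang text are arbitrary.
set -eu

MARK_OPEN='<<<UNTRUSTED_DOCUMENT'
MARK_CLOSE='UNTRUSTED_DOCUMENT>>>'

# Tools the sub-agent must never get. Denying them on the command line is
# enforced by the CLI; the "Do NOT use tools" sentence in the prompt is not.
DENY_TOOLS='Bash Read Write Edit WebFetch WebSearch'

# wrap_untrusted: copy stdin to stdout between the boundary markers, replacing
# any copy of a marker that occurs inside the document so the data cannot
# close the block early and pass itself off as instructions.
wrap_untrusted() {
  printf '%s\n' "$MARK_OPEN"
  sed -e "s/$MARK_OPEN/[marker-removed]/g" -e "s/$MARK_CLOSE/[marker-removed]/g"
  printf '%s\n' "$MARK_CLOSE"
}

# build_claude_argv PERSONA_FILE: print, one word per line, the argument vector
# that run_subagent executes, so a reviewer (or a test) can inspect it without
# invoking claude. --dangerously-skip-permissions appears nowhere.
build_claude_argv() {
  printf '%s\n' claude -p "$(cat "$1")" --disallowedTools $DENY_TOOLS
}

# run_subagent PERSONA_FILE < INPUT > OUTPUT
# The persona is passed as the prompt argument and the untrusted document
# arrives on stdin, so the two sources no longer compete for stdin the way
# `cat persona | claude -p ... < input` does.
run_subagent() {
  wrap_untrusted | claude -p "$(cat "$1")" --disallowedTools $DENY_TOOLS
}

# Usage: sh wrapper.sh --run persona.md < report.log > summary.txt
if [ "${1:-}" = "--run" ]; then
  run_subagent "${2:?persona prompt file required}"
fi
```

The marker defang is deliberately crude (a literal replacement) because its only job is to keep the document from forging the closing marker; it does not make the content trustworthy, which is why the tool denylist is the control that actually limits damage from a successful injection.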
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 06:09 PM