use-other-model

Fail

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill provides explicit instructions to bypass the CLAUDECODE environment variable check, a mechanism designed by the platform to manage nested sessions and prevent recursion or unauthorized behaviors.
  • [COMMAND_EXECUTION]: It encourages the use of the --dangerously-skip-permissions flag when launching sub-sessions. This flag removes the human-in-the-loop requirement for sensitive operations like file modification or command execution, significantly increasing the risk of automated malicious actions.
  • [CREDENTIALS_UNSAFE]: The implementation strategy involves requesting API tokens from the user and writing them into shell scripts or environment files. This practice exposes long-lived credentials in plaintext on the filesystem, which may be captured by other processes or left behind if cleanup fails.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool with background execution to launch generated scripts, creating persistent processes that run commands without direct user visibility or immediate approval.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 3, 2026, 08:41 PM