Skills
skills/ruiwarn/skills/claude-code-delegation/Gen Agent Trust Hub

claude-code-delegation

Warn

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructs the agent to attempt to bypass security boundaries. Specifically, it suggests that if the tool cannot reach its API, the agent should "run it outside the restrictive sandbox or escalate". This directs the AI to seek unauthorized privilege levels or environment escapes.
  • [COMMAND_EXECUTION]: The documentation encourages the use of the --dangerously-skip-permissions flag when invoking the claude CLI. This flag is designed to disable internal safety prompts and user-in-the-loop permission checks, increasing the risk of unreviewed destructive actions.
  • [PROMPT_INJECTION]: The skill defines a multi-agent delegation pattern that is vulnerable to indirect prompt injection chains (Category 8b).
  • Ingestion points: The main agent accepts and processes task summaries and verification results from delegate instances (SKILL.md).
  • Boundary markers: Absent. The skill does not recommend using delimiters or instructions to ignore potential injections in the delegate's response.
  • Capability inventory: The system allows for file modifications and execution of arbitrary verification commands as part of the subtask loop.
  • Sanitization: Absent. There are no instructions provided to validate or sanitize the output returned by sub-agents before the main agent processes it.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 3, 2026, 03:28 AM