
ask-claude

Warn

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to run a shell command using the pattern claude -p "YOUR_PROMPT_HERE". This approach is highly susceptible to shell injection. If the prompt content contains shell metacharacters such as backticks, semicolons, or command substitutions (e.g., $(command)), it could lead to arbitrary code execution on the host system.
  • [DATA_EXFILTRATION]: To function effectively, the skill advises the agent to provide 'all necessary context' and 'enough background' to the external CLI. This involves transmitting potentially sensitive or proprietary codebase information to Anthropic's servers. Although Anthropic is a well-known technology provider, this creates a data exposure risk that users must be aware of.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes output from an external tool (Claude CLI) and is instructed to 'Evaluate the response critically' and 'Synthesise' it. This provides a vector where a malicious response from the external tool could influence the agent's behavior.
    ◦ Ingestion points: Output from the claude command is read into the agent's context (SKILL.md).
    ◦ Boundary markers: None provided in the command template.
    ◦ Capability inventory: The skill can execute shell commands and read process output.
    ◦ Sanitization: No validation or sanitization of the external output is specified before the agent acts upon it.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 26, 2026, 06:22 PM