claude-extensibility
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION
Full Analysis
- Privilege Escalation (HIGH): The skill explicitly documents and provides templates for using high-privilege configuration flags that disable the security model of the host environment.
  - Evidence: In references/agent-development.md, the permissionMode table includes bypassPermissions ("Skip all permission checks") and acceptEdits ("Auto-accept file edits").
  - Impact: Utilizing these modes allows an agent to perform arbitrary file writes or system commands without the user's explicit consent, facilitating unauthorized system changes.
- Command Execution (MEDIUM): The documentation encourages the use of the Bash tool for various tasks including 'Code Modifications' and 'Comprehensive' workflows.
  - Evidence: Found in SKILL.md and references/agent-development.md (e.g., tools: Read, Edit, Bash, Grep, Glob).
  - Context: While expected for a developer tool, documenting these tools alongside instructions to bypass permissions significantly elevates the risk of accidental or malicious command execution.
- Indirect Prompt Injection (LOW): The skill describes an architecture for agents that process untrusted data from a codebase, creating a surface for indirect prompt injection.
  - Ingestion points: Read and Grep tools used on project files in references/agent-development.md.
  - Boundary markers: The provided templates (e.g., code-reviewer) do not include delimiters or instructions to ignore embedded commands in the processed data.
  - Capability inventory: High-impact capabilities including Bash, Write, and Edit are associated with agents processing this data.
  - Sanitization: No sanitization or validation strategies are provided in the development guide.
Recommendations
- AI detected serious security threats