claude-code-cli
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (LOW): The patterns.md file recommends installing the CLI via piped shell execution from a remote URL. Evidence: patterns.md line 124 contains 'curl -fsSL https://claude.ai/install.sh | bash'. Per [TRUST-SCOPE-RULE], this is downgraded to LOW as it targets a trusted Anthropic domain.
- [COMMAND_EXECUTION] (MEDIUM): The skill promotes the use of '--dangerously-skip-permissions' to allow the agent to execute tools without user oversight. Evidence: patterns.md and SKILL.md. This is particularly risky when the Bash tool is enabled, as it allows arbitrary shell commands to be run by the agent in automated environments.
- [PROMPT_INJECTION] (LOW): The skill documentation includes patterns for ingesting untrusted external data, such as PR diffs and logs, directly into the agent. Evidence: patterns.md line 15. Mandatory Evidence Chain: (1) Ingestion points: patterns.md (CI/CD review flow), SKILL.md (Piping input section); (2) Boundary markers: Absent in provided examples; (3) Capability inventory: Read, Write, Edit, and Bash tools; (4) Sanitization: None provided in the automation recipes.