claude-code-operator
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute the
claudeCLI andcurlcommands to interact with external MCP servers and deployment tools. - [EXTERNAL_DOWNLOADS]: The provided environment setup script installs the
@anthropic-ai/claude-codepackage from the NPM registry, which is an official and trusted source. - [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection through its ingestion of local file content.
- Ingestion points: The skill reads local project files and passes their contents to the agentic Claude Code environment for processing.
- Boundary markers: The provided workflow examples lack explicit delimiters to separate untrusted file content from task instructions.
- Capability inventory: The skill operates a tool with broad capabilities, including system command execution and network access.
- Sanitization: There is no evidence of sanitization or input validation of the ingested file data before it is processed by the agent.
Audit Metadata