bare-eval
Warn
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill documents and encourages the use of the --dangerously-skip-permissions flag in shell command templates within references/invocation-patterns.md. This flag bypasses interactive user confirmation for tool execution in the sub-invoked Claude instance, allowing it to perform potentially destructive actions without user oversight if the model is provided with malicious input.
- [COMMAND_EXECUTION]: Shell command patterns in references/invocation-patterns.md, such as claude -p "$prompt" ..., interpolate variables directly into command strings. This pattern is susceptible to shell command injection if the variables contain unsanitized input from external sources.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection attack surface:
  1. Ingestion points: references/invocation-patterns.md (variables $prompt, $assertions_json, $output_text).
  2. Boundary markers: Absent in provided shell examples.
  3. Capability inventory: Sub-process execution of the claude CLI via shell patterns.
  4. Sanitization: Absent in the documented patterns.