claude-code-runner

Fail

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The run_claude_code function in scripts/run_claude.py contains a critical command injection vulnerability. The prompt argument is directly interpolated into an f-string command (f'cd {temp_workdir} && claude --print "{prompt}" 2>&1') which is then passed to su -c. An attacker can provide a malicious prompt (e.g., using backticks or command substitution) to execute arbitrary shell commands on the host machine.
  • [PROMPT_INJECTION]: The skill implements a systematic safety bypass by automatically responding 'y' (yes) to any confirmation prompt encountered during execution (e.g., 'Do you want to', 'proceed', 'continue'). This removes the user's ability to review or block potentially harmful actions performed by the autonomous Claude Code agent.
  • [COMMAND_EXECUTION]: The skill documentation and source code indicate a requirement for root or sudo privileges to perform file ownership changes and user switching. This significantly elevates the risk, as any successful command injection can lead to a full system compromise.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 19, 2026, 06:02 PM
Security Audit — agent-trust-hub — claude-code-runner