kb-claude-code
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documents the use of the --dangerously-skip-permissions flag for the Claude Code CLI. This flag bypasses the interactive permission prompts, which removes the human-in-the-loop check on the agent's actions.
- [COMMAND_EXECUTION]: Provides a Python snippet that strips the CLAUDECODE environment variable so that a Claude Code session can spawn a nested agent. This bypasses a safety check intended to prevent unauthorized recursion or infinite loops.
- [PROMPT_INJECTION]: The documented coordination patterns (task locking and idea accumulation) have the agent read state and instructions from local workspace files (e.g., current_tasks/). This is an indirect prompt injection surface if those files can be populated with untrusted content.
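The three findings above are all visible in a skill's text. As an added example (not Gen Agent Trust Hub's scanner and not code from the kb-claude-code skill), the following script flags those same indicators in a skill file: the --dangerously-skip-permissions flag, a line that removes the CLAUDECODE environment variable, and a reference to the current_tasks/ workspace directory. The indicator names, the keyword list used to spot env-var stripping, and the sample skill text are all assumptions constructed for the example.

```python
"""Static check for the risk indicators named in the audit above.

Added example: not the Trust Hub's own scanner and not the skill's code.
The indicator names and the heuristics are assumptions for illustration.
"""
import re

# Indicator 1: the CLI flag that disables interactive permission prompts.
SKIP_PERMISSIONS = re.compile(r"--dangerously-skip-permissions\b")

# Indicator 2: a line that both names the CLAUDECODE variable and removes
# it (pop/del/unset/remove are an assumed list of likely verbs).
ENV_VAR = "CLAUDECODE"
ENV_STRIP_VERB = re.compile(r"\b(?:pop|del|unset|remove)\b", re.IGNORECASE)

# Indicator 3: instructions/state read from the workspace directory the
# audit names, which is the indirect prompt injection surface.
WORKSPACE_STATE = re.compile(r"\bcurrent_tasks/")

# (indicator name, audit category, per-line predicate)
INDICATORS = [
    ("skip_permissions", "COMMAND_EXECUTION",
     lambda line: SKIP_PERMISSIONS.search(line) is not None),
    ("strip_claudecode_env", "COMMAND_EXECUTION",
     lambda line: ENV_VAR in line and ENV_STRIP_VERB.search(line) is not None),
    ("reads_workspace_state", "PROMPT_INJECTION",
     lambda line: WORKSPACE_STATE.search(line) is not None),
]


def scan_skill(text: str) -> list[tuple[int, str, str]]:
    """Return (1-based line number, indicator, category) for every hit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, category, matches in INDICATORS:
            if matches(line):
                findings.append((lineno, name, category))
    return findings


def risk_categories(findings: list[tuple[int, str, str]]) -> list[str]:
    """Collapse findings to the sorted set of audit categories they trigger."""
    return sorted({category for _, _, category in findings})


# Constructed sample skill text (not the real skill) exercising all three.
SAMPLE_SKILL = """\
# coordination skill (constructed sample)
Run the agent without prompts:
    claude -p "do the task" --dangerously-skip-permissions
Nested agents: strip the guard variable before spawning a child:
    env = os.environ.copy()
    env.pop("CLAUDECODE", None)
    subprocess.run(["claude", "-p", prompt], env=env)
Coordination: claim work by writing a lock file under current_tasks/.
"""

if __name__ == "__main__":
    for lineno, name, category in scan_skill(SAMPLE_SKILL):
        print(f"line {lineno}: [{category}] {name}")
    print("categories:", risk_categories(scan_skill(SAMPLE_SKILL)))
```

A hit on any indicator is a reason to read the skill, not a verdict on its own: the audit above still rated the skill SAFE because the behaviours are documented rather than hidden.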