
Skill: claude

Status: Warn

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the claude command-line tool. It explicitly suggests using flags such as --dangerously-skip-permissions and --permission-mode dontAsk, which disable user confirmation for potentially destructive operations like file edits and shell command execution performed by the sub-agent.
  • [COMMAND_EXECUTION]: User-provided input is interpolated directly into a shell command string via the "<prompt>" argument. If the agent does not sanitize this input, a task description containing shell metacharacters could result in shell command injection; the exposure depends on whether the prompt is spliced into a single command string or passed to the CLI as a separate argument.
  • [PROMPT_INJECTION]: The skill acts as a surface for indirect prompt injection (Category 8) by relaying untrusted user instructions to a sub-agent equipped with powerful system tools.
  • Ingestion points: User-provided tasks and requests for Claude's assistance found in the conversation context.
  • Boundary markers: The skill suggests using XML-style tags like <task> and <output_contract> to structure the prompt, though these do not prevent adversarial injection.
  • Capability inventory: The delegated claude agent has access to Read, Grep, Glob, Bash, and file-editing capabilities.
  • Sanitization: No explicit sanitization or validation of the user's task description is performed before it is passed as an argument to the CLI.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jul 3, 2026, 11:30 AM
Security Audit — agent-trust-hub — claude