claude-sdk
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill documents the use of the
Bashtool andcomputer_usecapability, which allow agents to execute shell commands and interact with the file system. These are standard features of the SDK being documented. The skill provides specific examples for sanitizing these commands to prevent malicious execution. - [PROMPT_INJECTION]: The skill describes an architecture for agents that ingest untrusted data via
WebFetchandWebSearchtools. This creates an indirect prompt injection surface. 1. Ingestion points:WebFetch,WebSearch, and file read operations inSKILL.md. 2. Boundary markers: The skill recommends descriptive tool names and strict schemas but does not illustrate explicit instruction-isolation delimiters in the code snippets. 3. Capability inventory: The documented agents possessBash(shell execution),Write(file system modification), andWebFetchcapabilities. 4. Sanitization: The skill includes a code example for asanitize_bash_commandfunction designed to block dangerous strings like fork bombs and file deletion commands. - [EXTERNAL_DOWNLOADS]: The skill mentions using
npxto run the@modelcontextprotocol/server-githubpackage. This is a standard integration for the Model Context Protocol from a well-known service provider.
Audit Metadata