claude-sdk

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill documents the use of the Bash tool and computer_use capability, which allow agents to execute shell commands and interact with the file system. These are standard features of the SDK being documented. The skill provides specific examples for sanitizing these commands to prevent malicious execution.
  • [PROMPT_INJECTION]: The skill describes an architecture for agents that ingest untrusted data via WebFetch and WebSearch tools. This creates an indirect prompt injection surface. 1. Ingestion points: WebFetch, WebSearch, and file read operations in SKILL.md. 2. Boundary markers: The skill recommends descriptive tool names and strict schemas but does not illustrate explicit instruction-isolation delimiters in the code snippets. 3. Capability inventory: The documented agents possess Bash (shell execution), Write (file system modification), and WebFetch capabilities. 4. Sanitization: The skill includes a code example for a sanitize_bash_command function designed to block dangerous strings like fork bombs and file deletion commands.
  • [EXTERNAL_DOWNLOADS]: The skill mentions using npx to run the @modelcontextprotocol/server-github package. This is a standard integration for the Model Context Protocol from a well-known service provider.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 09:39 AM
Security Audit — agent-trust-hub — claude-sdk