skills/iii-hq/workers/claude-code/Gen Agent Trust Hub

claude-code

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of shell commands on the host system via the Claude Code CLI.
  • Evidence: The skill documentation in SKILL.md states it "spawns the host claude CLI per turn" to execute tasks including "shell" and "file edits" in a chosen working directory.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted input while maintaining high-privilege access to the host machine.
  • Ingestion points: Untrusted data is ingested through the prompt and messages parameters in the claude::run and claude::start functions (SKILL.md).
  • Boundary markers: There are no instructions or delimiters defined to isolate user-provided prompts or to prevent the agent from obeying embedded instructions within processed data.
  • Capability inventory: The skill can modify the local filesystem, execute shell commands, and perform web requests via the underlying CLI tool (SKILL.md).
  • Sanitization: No input validation or sanitization mechanisms are specified in the skill's instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 04:36 AM
Security Audit — agent-trust-hub — claude-code