auto-permissions-review-enable

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs shell commands to check for the existence of a local script at ~/.claude/hooks/ai-review.sh and to initialize a session state directory at ~/.claude/ai-review-sessions.
  • [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by instructing the agent to bypass standard human-in-the-loop (HITL) approval protocols for 'read-only' tools and to delegate the safety review of terminal commands to a secondary model. (1) Ingestion point: terminal commands and tool parameters; (2) Boundary markers: none present; (3) Capability inventory: approval of shell execution and file system read tools; (4) Sanitization: none present.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 03:06 PM