claude-cli-agent
Pass
Audited by Gen Agent Trust Hub on May 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on shell command execution and piping to interact with the Claude CLI. It specifically instructs the use of the '--dangerously-skip-permissions' flag to bypass user approval prompts for file and command operations.
- [REMOTE_CODE_EXECUTION]: To handle large inputs (5MB+), the skill instructs the agent to dynamically 'build a python script to semantically chunk or scan' files before execution. This involves runtime code generation and execution.
- [EXTERNAL_DOWNLOADS]: The documentation references installation of the '@anthropic-ai/claude-code' package from the npm registry.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It processes untrusted external data (logs, architecture documents, source code) by piping it into a sub-agent context. While it suggests mitigations like instructing the sub-agent to 'Do NOT use tools', the boundary is permeable if the input data contains adversarial instructions.
Audit Metadata