collaborating-with-claude

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a Python bridge script (scripts/claude_bridge.py) to execute the claude command-line utility. The implementation uses subprocess.Popen with shell=False, so the command and its arguments are passed to the child process as a list rather than as a string interpreted by a shell; this prevents shell injection via the prompt text.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface, since it takes natural-language instructions and passes them to a command-line interface with broad capabilities.
    • Ingestion points: Untrusted content enters the system via the --PROMPT argument of the bridge script.
    • Boundary markers: The script enforces no delimiters or markers that separate instructions from data.
    • Capability inventory: The claude CLI can read files, propose code changes, and, if MCP servers are configured, invoke additional tools.
    • Sanitization: The script performs no automated sanitization or filtering of the prompt content before execution.
  • [PROMPT_INJECTION]: The skill includes defensive documentation (references/shell-quoting.md) intended to help the agent and the user avoid accidental command expansion when prompts contain Markdown backticks.
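The two findings above (shell=False argument passing, and the shell-quoting guidance for prompts containing Markdown backticks) come down to one mechanism, illustrated by the added example below. It is not code from the skill or from scripts/claude_bridge.py: the claude CLI is replaced by a stand-in (the Python interpreter echoing its first argument) so that it runs offline, the prompt is a constructed sample, and the naive string-building variant is written here only to show the failure mode. It assumes a POSIX /bin/sh, which is what subprocess uses for shell=True on Unix.

```python
import shlex
import subprocess
import sys

# Stand-in for the real CLI: prints the first positional argument it received.
# (Assumption for this example; the bridge script invokes `claude` instead.)
STANDIN_CODE = "import sys; print(sys.argv[1])"

# Constructed sample prompt. The Markdown backticks look like a shell
# command substitution if the prompt is ever interpreted by a shell.
PROMPT = "Explain what `echo INJECTED` does in this repo"


def _run(cmd, shell):
    """Run cmd with Popen and return its stdout, stripped."""
    proc = subprocess.Popen(
        cmd, shell=shell, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True
    )
    out, _err = proc.communicate(timeout=30)
    return out.strip()


def run_argv(prompt):
    """shell=False with an argument list: the prompt reaches the child verbatim.

    This is the pattern the audit credits the bridge script with. No shell is
    involved, so backticks, $(...), quotes and semicolons are just bytes.
    """
    return _run([sys.executable, "-c", STANDIN_CODE, prompt], shell=False)


def run_shell_naive(prompt):
    """shell=True with a hand-built command string: the anti-pattern.

    Wrapping the prompt in double quotes does not stop /bin/sh from expanding
    the backticks, so `echo INJECTED` is executed and replaced by its output.
    """
    cmdline = f'{sys.executable} -c "{STANDIN_CODE}" "{prompt}"'
    return _run(cmdline, shell=True)


def run_shell_quoted(prompt):
    """shell=True, but every word is escaped with shlex.quote.

    Single-quoting disables command substitution, so this is the minimum
    fix if a shell string cannot be avoided. The list form is still preferable.
    """
    cmdline = " ".join(
        shlex.quote(w) for w in (sys.executable, "-c", STANDIN_CODE, prompt)
    )
    return _run(cmdline, shell=True)


if __name__ == "__main__":
    print("argv list   :", run_argv(PROMPT))
    print("naive string:", run_shell_naive(PROMPT))
    print("quoted str  :", run_shell_quoted(PROMPT))
```

Running it shows the prompt arriving intact through the list form and the quoted form, while the naive string form delivers "Explain what INJECTED does in this repo": the shell has already run the text inside the backticks before the CLI ever sees it. Note that shell=False only closes the shell-injection path; the prompt content itself still reaches the CLI unfiltered, which is the separate prompt-injection surface the audit describes.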
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 23, 2026, 01:21 AM