codeagent
Warn
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documents and facilitates the use of the `--dangerously-skip-permissions` flag and the `CODEAGENT_SKIP_PERMISSIONS` environment variable. These features are designed to bypass safety confirmation prompts in the Claude CLI to enable autonomous execution. While intended for automation, this mechanism significantly increases the risk that malicious or accidental destructive commands could be executed without user oversight.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes untrusted task content through the `codeagent-wrapper` across various AI backends.
  - Ingestion points: Task content is supplied via heredoc syntax and passed to the wrapper utility.
  - Boundary markers: The skill uses standard heredoc delimiters (`EOF`), which provide logical separation but do not inherently prevent the AI backend from following instructions embedded within the task content itself.
  - Capability inventory: The wrapper has the capability to perform complex code analysis, refactoring, and generation, which involves file system interaction and potentially code execution.
  - Sanitization: There is no evidence of input validation, escaping, or instruction-filtering for the content passed into the backends.
Audit Metadata