claude-agent-sdk

Warn

Audited by Gen Agent Trust Hub on May 30, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The maintenance scripts in the agent/ directory (such as update-agent.ts, mending-agent.ts, and research-agent-ts.ts) are configured with bypassPermissions and allowDangerouslySkipPermissions. This lets these sub-agents execute code and modify the local environment autonomously, without requesting user oversight.
  • [COMMAND_EXECUTION]: The update pipeline and its associated bash scripts (e.g., agent/monitor.sh) use the Bash tool to execute arbitrary shell commands for tasks including version auditing, repository synchronization, and file system manipulation.
  • [PROMPT_INJECTION]: The skill's primary reference files (SKILL-python.md and SKILL-typescript.md) contain extensive 'Known Issue' sections that give the agent specific instructions to override standard SDK behaviors or bypass safety constraints, acting as a form of instruction override.
  • [EXTERNAL_DOWNLOADS]: The agent/monitor.sh script programmatically fetches metadata from official package registries (npm and PyPI) and retrieves issue content and comments from GitHub's public API. This external data is passed as input to the autonomous research agents without any markers identifying it as untrusted content.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 30, 2026, 04:55 PM
Security Audit — agent-trust-hub — claude-agent-sdk