Skills
Reversec 'Skill Issues' Research: Three Attack Vectors in Claude Code Skills — Dynamic Context Bypasses LLM Safety, bypassPermissions in Agent Config, Bash(*) Enables Reverse Shells
Security research published May 5 reveals three attack vectors in Claude Code skills: (1) dynamic context prefixed with '!' executes commands before LLM reasoning can intercept, bypassing safety checks; (2) agents can specify permissionMode: bypassPermissions in config files to override user security settings; (3) allowed-tools: Bash(*) in skill frontmatter enables arbitrary command execution including reverse shells. Mitigate with deny rules in user settings, enterprise-managed policies, and never installing unvetted skills.
Source
↳ Follow the thread