Context-Inappropriate Capability
Medium
- Confidence
- 97% confidence
- Finding
- The README explicitly instructs use of `claude --permission-mode bypassPermissions`, which disables Claude Code's normal safety gate before executing actions. In a delegation skill that may analyze, edit files, and run follow-up tasks with remembered context, this materially broadens what delegated runs can do and increases the chance of unintended or unsafe file/system modifications.
