Threat Intelligence
Submit any Claude skill definition and our threat intelligence team will assess it for security and privacy risk.
Skill Risk Assessor
Skills Risk Assessment Framework
Write Actions
Skills that perform write operations — file system, email transmission, API mutations, code execution, or calendar modifications — carry elevated risk when exposed to untrusted input.
Skill Definition Injection
Adversarial instructions embedded within skill definitions can override system prompts or redirect agent behavior at runtime.
Authentication Scope
Skills inherit the user's existing authentication context without requiring additional OAuth flows, silently expanding access scope.
Data Exfiltration
Combinations of sensitive data read access and external endpoint calls create exfiltration pathways that are difficult to detect at the network layer.
Tool Chaining
Multi-step workflows can cascade a compromised tool's output into downstream actions, amplifying the blast radius of a single injection.
Prompt Injection Surface
Skills that fetch external content or accept untrusted user input expand the prompt injection attack surface significantly.
Privacy & PII Exposure
Excessive access to calendars, contacts, or internal documentation creates privacy risk and potential compliance exposure under GDPR and HIPAA.
Why this matters
Claude skills execute with user-level permissions and access to connected apps. A misconfigured or malicious skill can exfiltrate data, perform write actions, or be hijacked via prompt injection.
Updated May 2026 · PromptArmor Threat Intelligence