Permission bypass: Edit tool executed without approval when it should have been blocked

Resolved 💬 5 comments Opened Feb 12, 2026 by ilanoh Closed Mar 22, 2026

Bug Report

What Happened

Multiple Edit tool calls were executed without permission prompts, even though the user's permission settings should have required approval.

Expected Behavior

User should have been prompted to approve each edit (or batch of edits) before execution.

Actual Behavior

10+ consecutive Edit calls were executed automatically with only confirmation messages shown, instead of permission prompts.

Context

  • File type: Skill definition file in .claude/skills/ directory
  • Permission mode: No explicit permissionMode configured in settings
  • User expectation: Edits should require approval
  • Tool calls: Standard Edit calls with no special parameters or bypass flags

Settings Configuration

Settings file contains hooks, status line config, and model setting, but no permissionMode field.

Environment

  • OS: macOS
  • Claude Code CLI
  • Model: claude-sonnet-4-5

Possible Root Cause

  1. Default permission mode might auto-approve edits to .claude/ directory files
  2. Edit tool might bypass permission system for skill/config files
  3. Permission system bug allowing edits through when they should be blocked

Reproduction Steps

  1. Use default permission mode (no explicit setting)
  2. Attempt multiple Edit calls to files in .claude/skills/ directory
  3. Observe if edits execute without permission prompts

Impact

Users may have files modified without explicit consent, especially configuration and skill files.

Additional Notes

The agent did not pass any special parameters to bypass permissions - just standard Edit(file_path, old_string, new_string) calls. The permission handling appears to be bypassed at the system level.

View original on GitHub ↗

This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗