Permission bypass: Edit tool executed without approval when it should have been blocked
Bug Report
What Happened
Multiple Edit tool calls were executed without permission prompts, even though the user's permission settings should have required approval.
Expected Behavior
User should have been prompted to approve each edit (or batch of edits) before execution.
Actual Behavior
10+ consecutive Edit calls were executed automatically with only confirmation messages shown, instead of permission prompts.
Context
- File type: Skill definition file in
.claude/skills/directory - Permission mode: No explicit
permissionModeconfigured in settings - User expectation: Edits should require approval
- Tool calls: Standard
Editcalls with no special parameters or bypass flags
Settings Configuration
Settings file contains hooks, status line config, and model setting, but no permissionMode field.
Environment
- OS: macOS
- Claude Code CLI
- Model: claude-sonnet-4-5
Possible Root Cause
- Default permission mode might auto-approve edits to
.claude/directory files - Edit tool might bypass permission system for skill/config files
- Permission system bug allowing edits through when they should be blocked
Reproduction Steps
- Use default permission mode (no explicit setting)
- Attempt multiple
Editcalls to files in.claude/skills/directory - Observe if edits execute without permission prompts
Impact
Users may have files modified without explicit consent, especially configuration and skill files.
Additional Notes
The agent did not pass any special parameters to bypass permissions - just standard Edit(file_path, old_string, new_string) calls. The permission handling appears to be bypassed at the system level.
This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗