--dangerously-skip-permissions does not propagate to context: fork sub-agents
Bug description
When a session is started with claude -p --dangerously-skip-permissions, skills that use context: fork in their frontmatter do not inherit the --dangerously-skip-permissions flag. Commands outside the skill's allowed-tools still trigger permission confirmation prompts in the forked sub-agent.
The documentation states:
If the parent uses bypassPermissions, this takes precedence and cannot be overridden
This implies that --dangerously-skip-permissions should propagate to forked sub-agents, but the actual behavior contradicts this.
Steps to reproduce
- Create a skill with
context: forkin its frontmatter and anallowed-toolslist:
``yaml``
---
name: my-skill
context: fork
allowed-tools: Bash(git status:*), Read
---
- Run
claude -p "/my-skill" --dangerously-skip-permissions - Inside the skill, attempt to run a command not in
allowed-tools(e.g.,ps) - A permission confirmation prompt appears
Expected behavior
--dangerously-skip-permissions propagates to context: fork sub-agents, and all commands execute without permission prompts.
Actual behavior
The forked sub-agent applies its own allowed-tools permission checks as if --dangerously-skip-permissions was not set. Commands outside allowed-tools trigger confirmation prompts.
Workaround
Extract the skill body (stripping the YAML frontmatter) and pass it directly as a prompt to claude -p, bypassing the context: fork frontmatter interpretation entirely:
SKILL_FILE="skills/my-skill/SKILL.md"
FRONTMATTER_END=$(awk '/^---$/{n++; if(n==2){print NR; exit}}' "$SKILL_FILE")
SKILL_BODY=$(tail -n +"$((FRONTMATTER_END + 1))" "$SKILL_FILE")
claude -p "$SKILL_BODY" --dangerously-skip-permissions
Environment
- Claude Code CLI (latest version as of Feb 2026)
- macOS
- Skills using
context: forkwithallowed-tools
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗