[BUG] Dangerously-skip-permissions burning tokens in headless run of claude code frequently querying the bash-policy agent for "command prefix“

Resolved 💬 2 comments Opened Feb 20, 2026 by Superskyyy Closed Mar 21, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

So when specifying --dangerously-skip-permissions my understanding is that it never should trigger the bash policy agent since it is autonomous anyway, in 900 sessions i see over 7906 cases where the following agent is invokede to determine the prefix of a command:

You are a Claude agent, built on Anthropic's Claude Agent SDK.
Your task is to process Bash commands that an AI coding agent wants to run.

This policy spec defines how to determine the prefix of a Bash command:

claude code version: x-anthropic-billing-header: cc_version=2.1.45.f10; cc_entrypoint=sdk-cli; cch=6b427;

What Should Happen?

the ```
You are a Claude agent, built on Anthropic's Claude Agent SDK.
Your task is to process Bash commands that an AI coding agent wants to run.

This policy spec defines how to determine the prefix of a Bash command:

agent should not be invoked when yolo mode  --dangerously-skip-permissions is set.

### Error Messages/Logs

```shell

Steps to Reproduce

  1. claude --dangerously-skip-permissions -p "task to do"
  2. check the network request after doing some yolo tasks

Claude Model

Not sure / Multiple models

Is this a regression?

I don't know

Last Working Version

_No response_

Claude Code Version

2.1.45

Platform

Anthropic API

Operating System

Ubuntu/Debian Linux

Terminal/Shell

VS Code integrated terminal

Additional Information

_No response_

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗