Skill markdown content triggers Bash permission pre-check incorrectly

Resolved 💬 3 comments Opened Mar 5, 2026 by cerbo-scott Closed Mar 9, 2026

Bug: Skill markdown content triggers Bash permission pre-check incorrectly

Summary

When invoking a Claude Code skill (plugin command), the permission pre-check scanner incorrectly flags prose text in the markdown file as potentially dangerous bash commands. This prevents the skill from loading even though the flagged content is instructional documentation, not executable code.

Error Message

Error: Bash command permission check failed for pattern "!`, `": This command requires approval

Environment

  • Claude Code version: Latest (as of March 2026)
  • OS: macOS
  • Plugin: Custom plugin with skills in commands/ directory

Steps to Reproduce

  1. Create a plugin with a skill file (e.g., commands/infra/my-skill.md)
  2. Include prose text that mentions shell metacharacters, for example:

``markdown
Check if the password contains problematic shell metacharacters like exclamation marks, asterisks, dollar signs, or backticks.
``

  1. Invoke the skill with /my-skill
  2. Observe the permission error before the skill even loads

Expected Behavior

  • Skill files should load without triggering bash permission checks
  • Permission checks should only apply when the Bash tool is actually invoked with a command
  • Prose text describing characters (e.g., "avoid using backticks") should not be interpreted as bash commands

Actual Behavior

  • The permission scanner appears to scan the entire skill markdown file
  • Words like "backticks" in prose text trigger the permission check
  • The skill cannot be invoked at all, even though no bash commands are being executed

Workaround

Currently the only workaround is to avoid mentioning certain character names in skill documentation, which limits the ability to write helpful instructional content.

Additional Context

The skill in question is an ArgoCD password reset workflow that warns users to avoid special characters in passwords (because they cause shell escaping issues). Ironically, the warning text itself triggers the permission check.

The flagged pattern "!, " appears to be matching against prose like "exclamation marks" and "backticks" rather than actual bash syntax.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗