[BUG] `awk -f script.awk` that can execute arbitrary code may skip the classifier's audit in auto-mode

Resolved 💬 3 comments Opened Apr 24, 2026 by cychen2021 Closed Apr 27, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

In auto-mode, commands that may execute arbitrary code, such as bash and python, are forced to be audited by the security classifier, regardless of whether they are on the user-defined allow-list. awk -f script.awk can do the same things that bash does (executing arbitrary code) if script.awk contains:

BEGIN {
    system("bash -c '...")
}

However, awk isn't forced to go through the classifier's audit, so if it is on the user-defined allow-list, it will skip the security audit entirely in auto-mode. Compared to bash, this doesn't make sense.

What Should Happen?

awk should be forced to go through the classifier's audit.

Error Messages/Logs

N/A

Steps to Reproduce

Create a file script.awk containing the aforementioned content. Add awk to the user-defined allow-list. Launch Claude Code in auto-mode and ask it to finish a task that requires executing awk -f script.awk.

Claude Model

None

Is this a regression?

No, this never worked

Last Working Version

_No response_

Claude Code Version

2.1.119

Platform

Anthropic API

Operating System

Ubuntu/Debian Linux

Terminal/Shell

Windows Terminal

Additional Information

_No response_

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗