skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides scripts (scripts/init_skill.py, scripts/package_skill.py) for automating the skill development lifecycle. These scripts perform local file system operations including creating directories, writing template files, and modifying file permissions (chmod 0o755) for generated placeholder scripts. These actions are restricted to the output paths specified by the user.
- [PROMPT_INJECTION]: The skill processes user-defined requirements to generate new instructions, representing a surface for indirect prompt injection (Category 8).
  - Ingestion points: User-provided functional examples and requirements during 'Step 1: Understanding the Skill' and 'Step 4: Edit the Skill' in the creation workflow.
  - Boundary markers: The instructions do not define specific delimiters or isolation techniques for the agent to use when interpolating user requirements into the generated SKILL.md file.
  - Capability inventory: The skill possesses file system modification capabilities via scripts/init_skill.py (write/mkdir/chmod) and archive creation capabilities via scripts/package_skill.py (zip).
  - Sanitization: While scripts/quick_validate.py performs basic validation on metadata (character restrictions and length limits), it does not sanitize the instructional content or the logic of generated scripts against adversarial inputs.
Audit Metadata