claude-skills
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- Command Execution (SAFE): The skill includes shell scripts (create-skill.sh, validate-skill.sh) that use standard POSIX tools for local file management. The script create-skill.sh validates the skill_name input against the regex ^[a-z][a-z0-9-]*$, preventing path traversal or shell injection. Operations are restricted to local directory creation and file writing using templates.
- Indirect Prompt Injection (LOW): This meta-skill has an ingestion surface for external content. Evidence:
  1. Ingestion points: Domain material (docs/APIs/code/specs) as mentioned in SKILL.md.
  2. Boundary markers: Present (SKILL.md defines explicit triggers and Not For / Boundaries sections).
  3. Capability inventory: Local directory creation (mkdir) and file writing (cat, sed) in create-skill.sh.
  4. Sanitization: Regex validation for skill names and strict structural guidelines for output.

  The risk is low as capabilities are restricted to local scaffolding.
- Data Exfiltration (SAFE): The skill makes no network calls and does not access sensitive file paths such as ~/.ssh or credentials.
- Remote Code Execution (SAFE): No remote scripts are downloaded or executed. All logic is contained within the provided bash scripts and templates.