skill-creator
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill automates the creation of new skill definitions by interpolating user-provided text into templates and writing them to disk. This design allows for indirect prompt injection where malicious instructions could be embedded in the skill description or patterns and subsequently executed by the agent in future interactions.
- Ingestion points: User-provided strings for skill metadata and instructions entering the context during the creation process (SKILL.md).
- Boundary markers: None; the skill uses simple string interpolation into SKILL.md and assets/SKILL-TEMPLATE.md.
- Capability inventory: The skill has access to Write, Edit, and Bash tools, which allow it to persist instructions and potentially execute commands derived from those instructions (SKILL.md).
- Sanitization: No validation or escaping of user-provided content is performed before writing files (SKILL.md).
Audit Metadata