creating-agent-skills
Fail
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill accesses and modifies the sensitive global credential file containing API keys and tokens.
- Evidence: 'references/api-security.md' contains instructions to grep and append variables to '~/.claude/.env'.
- [COMMAND_EXECUTION]: The skill generates script files and modifies their file permissions to make them executable.
- Evidence: 'workflows/add-script.md' includes instructions to run 'chmod +x' on newly created scripts.
- [COMMAND_EXECUTION]: Extensive use of shell utilities to manipulate the local file system and inspect environment state.
- Evidence: Commands like 'ls', 'cat', 'mkdir', 'grep', and 'which' are utilized throughout workflow files such as 'workflows/audit-skill.md' and 'workflows/verify-skill.md'.
- [PROMPT_INJECTION]: The skill ingests and analyzes content from arbitrary external skill files, making it susceptible to indirect prompt injection if those files contain malicious instructions.
- Evidence: 'workflows/audit-skill.md' reads 'SKILL.md' and other workflow/reference files for structural auditing.
- [EXTERNAL_DOWNLOADS]: Recommends the installation of external Python packages during the setup of new skills.
- Evidence: 'references/executable-code.md' suggests running 'pip install pypdf'.
Recommendations
- AI detected serious security threats