create-master-skill

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): The skill's architecture patterns explicitly direct the creation of scripts to read and validate sensitive local files. Evidence: references/master-skill-patterns.md contains a pattern for check_config.py that specifically targets .env and user-config.yaml files for credential validation.
  • [COMMAND_EXECUTION] (HIGH): The skill follows a workflow where it generates Python scripts based on external research and then executes them locally. Evidence: Phase 3 and 4 of SKILL.md describe building scripts from templates and running them using python scripts/check_integration_config.py.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection because it ingests data from unverified web searches and uses it to generate executable logic. Evidence Chain:
      1. Ingestion points: Web research results from SKILL.md Phase 1 capture API documentation and best practices.
      2. Boundary markers: Absent; research is captured and used for architecture design and script population.
      3. Capability inventory: Python script execution in SKILL.md Phase 4.
      4. Sanitization: Absent; the skill relies on the agent to adapt unverified web content into templates.
  • [DATA_EXFILTRATION] (MEDIUM): The skill is designed to perform network operations (API connection tests) using credentials read from local files, which could be diverted if the script generation logic is poisoned.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:14 PM