create-playbook

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE (categories flagged: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by generating new instructions based on untrusted user input.
      • Ingestion points: User input collected during Step 2 (Name, Purpose) and Step 4 (Process steps, Outputs) is used to populate templates.
      • Boundary markers: Absent. The generated SKILL.md files do not appear to use delimiters or warnings to isolate user-provided content from the agent's core instructions.
      • Capability inventory: The skill uses the Write tool to create new instruction files and the Bash tool for directory management. Generated skills may possess any set of tools defined by the user.
      • Sanitization: Absent. User-provided purpose and process steps are written directly into the new SKILL.md files without validation or escaping.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform legitimate environment checks and setup tasks.
      • Evidence: Executes ls to check for existing skills in project-local and user-home directories (~/.claude/skills/).
      • Evidence: Uses mkdir -p to establish directory structures for new skills.
      • Evidence: Uses cat to verify the content of the generated skill file.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 5, 2026, 11:46 PM