skill-creator

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE · PROMPT_INJECTION · COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill employs strong directive markers such as 'CRITICAL', 'MANDATORY', and 'NEVER' to override standard agent behavior, specifically mandating the use of predefined application paths and prohibiting the agent from asking the user for save locations.
  • [COMMAND_EXECUTION]: The instructions require the agent to perform filesystem operations, including directory creation and file writing, within specific application support folders across macOS, Windows, and Linux.
  • [PROMPT_INJECTION]: The skill design creates an indirect prompt injection surface by taking user input and persisting it into SKILL.md files that influence future agent behavior.
    • Ingestion points: User-provided functionality descriptions and usage examples gathered during the skill creation process.
    • Boundary markers: No delimiters or protective instructions are implemented in the generated SKILL.md files.
    • Capability inventory: File-writing capabilities to the application's automatic skill detection directory.
    • Sanitization: The process lacks validation or sanitization of user input before it is written to the instruction files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 12:15 PM