skill-share

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill generates Python scripts and packages them into ZIP files. This process involves file system operations and likely utilizes subprocess calls for packaging and validation tasks. Automatically generating executable scripts based on templates presents a risk if the generation logic is manipulated.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It takes untrusted user input (skill names and descriptions) and interpolates it directly into the YAML metadata and bodies of newly created SKILL.md files.
      • Ingestion points: User-provided strings for skill names and descriptions are used to populate the metadata of generated files.
      • Boundary markers: No delimiters or instructions to ignore embedded commands are mentioned for the user-provided metadata.
      • Capability inventory: The skill can write to the file system, execute Python scripts, package ZIP archives, and send data to Slack via the Rube integration.
      • Sanitization: No sanitization or validation of the content of the user-provided metadata is specified, allowing potentially malicious instructions to be embedded in the generated skills.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 05:30 PM