skill-forge-build
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill references and directs the execution of local Python scripts (scripts/validate_skill.py, scripts/init_skill.py) and the creation/execution of a shell script (install.sh) for deployment to platform directories (~/.claude/).
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by using untrusted user input (plans or descriptions) to generate executable code and system prompts for agents.
  - Ingestion points: User-provided plan documents or natural language descriptions ingested in Step 1 of SKILL.md.
  - Boundary markers: Absent. The generation instructions do not specify the use of delimiters or warnings to ignore instructions embedded in user-provided data.
  - Capability inventory: The skill performs file generation (Python, Shell, YAML) and references the execution of validation and initialization scripts in SKILL.md.
  - Sanitization: Absent. There is no guidance on sanitizing or validating user input before incorporating it into the generated files.
Audit Metadata