Builder

Warn

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: MEDIUM, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Dynamic Execution & Persistence] (MEDIUM): The skill generates SKILL.md and command files and provides instructions to install them into sensitive system paths (~/.claude/skills/ and ~/.claude/config/). This allows for the runtime generation of new agent capabilities that persist across sessions.
  • [Indirect Prompt Injection] (LOW): The skill ingests untrusted user requirements to generate agent code. It lacks boundary markers or sanitization logic, creating a surface where a user could trick the 'Builder' into generating an agent with hidden malicious instructions. Evidence: Ingestion points: User requirements in /create-agent; Boundary markers: Absent; Capability inventory: File-write to ~/.claude/ skills directory via TodoWrite; Sanitization: Absent.
  • [Command Execution] (LOW): The skill references the use of 'TodoWrite' to manage file creation and instructs the user to restart the agent host to load newly created code.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 22, 2026, 05:57 PM