skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 12, 2026
Risk Level: LOW (COMMAND_EXECUTION)
Full Analysis
- Prompt Injection: No patterns indicative of prompt injection (e.g., 'IMPORTANT: Ignore', 'You are now DAN') were found in any of the skill files (SKILL.md, LICENSE.txt, references/output-patterns.md, references/workflows.md).
- Data Exfiltration: No commands or patterns suggesting data exfiltration (e.g., `curl` or `wget` to non-whitelisted domains combined with sensitive file access like `~/.aws/credentials` or `~/.ssh/id_rsa`) were detected.
- Obfuscation: No obfuscation techniques such as Base64 encoding, zero-width characters, homoglyphs, or URL/hex/HTML encoding were identified in any of the files.
- Unverifiable Dependencies: The skill references local scripts (`scripts/init_skill.py`, `scripts/package_skill.py`) and other local files (`references/workflows.md`, `assets/hello-world/`). It does not instruct the download or installation of external, unverifiable dependencies from untrusted sources.
- Privilege Escalation: No commands or instructions attempting privilege escalation (e.g., `sudo`, `chmod 777`, `doas`) were found.
- Persistence Mechanisms: No patterns indicating attempts to establish persistence (e.g., modifying `.bashrc`, `crontab`, `authorized_keys`) were detected.
- Metadata Poisoning: The YAML frontmatter in SKILL.md and the content of LICENSE.txt were reviewed and found to be benign, containing no hidden malicious instructions.
- Indirect Prompt Injection: This skill is primarily instructional and does not process external user-supplied content in a way that would make it susceptible to indirect prompt injection.
- Time-Delayed / Conditional Attacks: No conditional logic based on dates, times, usage counters, or specific environment variables designed to trigger malicious behavior at a later point was found.
Specific Finding:
- COMMAND_EXECUTION (LOW): The skill explicitly instructs the agent to run local scripts, such as `scripts/init_skill.py` (Line 160 in SKILL.md) and `scripts/package_skill.py` (Line 245 in SKILL.md). While this constitutes command execution, it is part of the skill's stated purpose as a guide for skill creation. The instructions themselves are benign, and the scripts are assumed to be local rather than downloaded from an untrusted external source. The actual security implications would depend on the content of these local scripts, which are not provided for analysis.
Audit Metadata