skill-creator-doctor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The script `scripts/add_user_verification.py` is designed to automatically inject a 'MANDATORY USER VERIFICATION REQUIREMENT' section into `SKILL.md` files. This section uses high-authority directives such as 'CRITICAL', 'MANDATORY', and 'DO NOT' to constrain agent behavior. While intended as a safety guardrail, these patterns resemble prompt injection techniques used to override system instructions.
- Data Exposure (LOW): The script `scripts/add_user_verification.py` contains a hardcoded absolute path (`/home/noam/my-projects/...`) which exposes the author's local directory structure and username ('noam').
- Safe Practices (SAFE): The script `scripts/quick_validate.py` correctly uses `yaml.safe_load()` when parsing YAML frontmatter, preventing potential YAML deserialization vulnerabilities.
Audit Metadata