instruction-creator
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/init_instruction.py` performs file system operations to create new instruction files.
  - Evidence: The script uses `os.path.join(output_dir, name)` and `open(path, 'w').write()` to write content to the disk.
  - Risk: There is no validation or sanitization of the `name` or `output` arguments. This could theoretically allow a user to write files to unintended locations via path traversal (e.g., using `../`), although the script enforces a `.instructions.md` file extension.
- [PROMPT_INJECTION]: The skill is designed to create 'Policy Maker' files that define the behavior and constraints of AI agents (GitHub Copilot).
  - Ingestion points: User-provided inputs for `description` and `applyTo` are interpolated directly into the generated markdown frontmatter in `scripts/init_instruction.py`.
  - Boundary markers: The generated template lacks explicit boundary markers or instructions to the agent to ignore potentially malicious content within the interpolated fields.
  - Capability inventory: The generated instructions are intended to influence the agent's file processing and code generation logic.
  - Sanitization: No sanitization is performed on the input strings before they are written to the instruction files, creating a surface for indirect prompt injection if the generated files are shared or used in untrusted environments.
Audit Metadata