command-creator
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to override agent behavior or bypass safety filters were found. The skill serves as a template generator for slash commands.\n- Data Exposure & Exfiltration (SAFE): The skill does not contain hardcoded credentials or sensitive data access patterns. While the documentation mentions the use of environment variables for tokens (e.g., GITHUB_TOKEN), these are treated correctly as user-provided configuration.\n- Obfuscation (SAFE): All code and documentation are provided in clear text without any encoding or hidden characters.\n- Unverifiable Dependencies & Remote Code Execution (SAFE): No remote scripts are downloaded or executed. The skill uses standard Python libraries and does not perform any unsafe dynamic code execution.\n- Privilege Escalation (SAFE): No usage of sudo or attempts to acquire elevated permissions were detected. Symlink creation is restricted to the user's home directory (~/.claude).\n- Persistence Mechanisms (SAFE): The skill's primary function is to symlink command files into ~/.claude to make them persistent in Claude Code sessions, which is the legitimate and documented purpose of the tool.\n- Metadata Poisoning (SAFE): No malicious instructions were found in the skill's documentation or metadata fields.\n- Indirect Prompt Injection (SAFE): The skill facilitates the creation of command files from user-defined inputs, but it does not ingest untrusted external data for runtime execution.\n- Time-Delayed / Conditional Attacks (SAFE): No logic gating malicious behavior based on time or environment conditions was found.\n- Dynamic Execution (SAFE): The scripts generate static markdown files and do not use eval, exec, or other dynamic execution sinks.
Audit Metadata