skill-creator
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions and associated scripts perform file system modifications, including the creation of symbolic links (symlinks) using `ln -sf`. These links target application-specific configuration directories such as `~/.copilot/skills/`, `~/.claude/skills/`, and `~/.codex/skills/`, which can be used to modify or override existing skill behaviors.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It processes free-form user input (e.g., skill descriptions) and interpolates it directly into generated `SKILL.md` files using `sed` without escaping or sanitization. This allows a user to craft malicious skill instructions that could influence the behavior of the agent when using the generated skill.
- [DATA_EXFILTRATION]: The skill discovery process executes `git config` commands to retrieve the local user's name and email address. While intended for metadata population, this involves automated access to sensitive local configuration files.