skill-creator
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The core workflow in SKILL.md (Steps 3 and 5) instructs the agent to run Python scripts (scripts/init_skill.py and scripts/package_skill.py) that are part of the skill package. Because the skill's source (github.com/bobmatnyc/...) is not a trusted repository, these scripts could contain malicious code that executes arbitrary commands on the host system.
- REMOTE_CODE_EXECUTION (MEDIUM): Although the scripts are part of the local skill folder, they originate from an external untrusted repository. Executing these provided scripts is equivalent to running remote code without prior auditing.
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests untrusted user-provided 'usage examples' to generate skill instructions and scripts.
  - Ingestion points: SKILL.md Step 1 ('Gather 3-5 realistic usage examples').
  - Boundary markers: Absent. The skill provides no instructions to use delimiters or warnings to ignore embedded commands in the input data.
  - Capability inventory: The skill uses scripts/init_skill.py which has the capability to write files and create directories.
  - Sanitization: Absent. There is no mention of sanitizing, escaping, or validating the input data before it is interpolated into the generated skill components.
Audit Metadata