skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through its indexing mechanism. The script
scripts/build_agents_index.pyingests metadata (names, descriptions, triggers) from files located inskills/*/SKILL.mdandskills/*/references/*.md(including those cloned from external sources) and interpolates them into the global agent instruction fileinstructions/global.md. While the script uses boundary markers (<!-- AGENTS_SKILLS_INDEX_START -->) and a basic sanitization function that replaces pipes, it does not sanitize for embedded instructions, markdown, or HTML comments. This data flow is associated with capabilities to execute local scripts and write to the filesystem, such as the sync script and index builder. - [COMMAND_EXECUTION]: The skill's operational rules and workflow involve the execution of local maintenance tools and scripts, including
python3 skills/skill-creator/scripts/build_agents_index.py,bin/sync.sh, andskills-ref validate. - [EXTERNAL_DOWNLOADS]: The skill uses the
repo-researchutility to clone repositories from GitHub, which is a well-known service, for the intended purpose of installing new skills.
Audit Metadata