skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill contains multiple Python scripts that interact with the file system.
  - scripts/init_skill.py: Creates new directories and writes multiple template files (Markdown and Python) to the local disk based on user-supplied names and paths.
  - scripts/package_skill.py: Iteratively reads the contents of a directory and creates a compressed ZIP archive (.skill file).
  - scripts/init_skill.py and scripts/package_skill.py use file system permissions (chmod 0o755) to ensure generated scripts are executable.
- [PROMPT_INJECTION]: The skill handles untrusted data that could influence the agent's actions through script parameters and file content generation.
  - Ingestion points: User-provided command-line arguments (skill-name, --path) in init_skill.py and package_skill.py, and user-authored YAML frontmatter processed by quick_validate.py.
  - Boundary markers: The skill documentation (SKILL.md) suggests using templates and examples to guide the agent, but the scripts themselves do not enforce boundary markers for path inputs.
  - Capability inventory: The skill has the capability to read any directory content (via rglob) and write/overwrite files in specified paths.
  - Sanitization: scripts/quick_validate.py performs regex-based sanitization on the 'name' field (hyphen-case) and 'description' field (length checks and exclusion of angle brackets) to prevent some injection vectors, but it does not sanitize the underlying system paths provided to the script logic.