skill-authoring-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute multiple local shell and Python scripts (e.g., add-a-skill.sh, test-a-skill.sh, check-skill-metadata.py) located in the scripts/ directory. These commands are intended for repository management and do not involve privileged operations or external downloads.
- [PROMPT_INJECTION]: The workflow ingests external data in the form of workshop notes or research files from the research/ directory to generate new skills. This creates an indirect prompt injection surface where untrusted content could potentially influence the agent's output during the authoring process.
- Ingestion points: Processes files provided by the user in the research/ directory.
- Boundary markers: None explicitly defined in the workflow instructions.
- Capability inventory: Executes local scripts for file creation, validation, and metadata checking.
- Sanitization: The skill relies on the underlying scripts and human review phases to ensure content compliance.
Audit Metadata