skill-create-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to bypass safety filters, extract system prompts, or override agent behavior were detected in the skill instructions or metadata.
- [Data Exposure & Exfiltration] (SAFE): The skill interacts with local project files such as idea documents and configuration manifests. It does not access sensitive system paths like ~/.ssh or .env, nor does it perform network requests to external domains.
- [Remote Code Execution] (SAFE): No patterns involving the download and execution of remote scripts or the installation of unverified external packages were found.
- [Indirect Prompt Injection] (LOW): The skill defines a surface for processing untrusted data which is later used to modify project configuration.
  * Ingestion points: Reads idea drafts from .docs/ideas/ and requirements from .docs/.
  * Boundary markers: No explicit delimiters or instructions to ignore embedded commands within these documents are defined.
  * Capability inventory: Modifies .claude-plugin/plugin.json and .claude-plugin/marketplace.json, and creates files in skills/.
  * Sanitization: No content validation or escaping is specified before data is processed by subsequent tools.
Audit Metadata