generate-agent
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It takes user-provided persona details (Identity, Expertise, Thinking Process) and interpolates them directly into a markdown template (assets/agent_template.md) to create new agent files. If a user provides malicious instructions during this setup phase, those instructions could override the behavior of the generated agent when it is later activated.
  - Ingestion points: User-provided role definitions and identity descriptions during the analysis phase.
  - Boundary markers: The skill utilizes <thinking_process>, <think>, and other XML delimiters to separate configuration from instructions, which helps mitigate accidental obedience but does not fully prevent adversarial injection.
  - Capability inventory: The skill uses create and edit tools to write the generated configurations to .github/agents/*.agent.md.
  - Sanitization: No explicit sanitization or validation of user-provided string content is mentioned beyond structural XML checks.
- [COMMAND_EXECUTION]: The skill executes a local Python script (.github/skills/generate-agent-skills/scripts/validate_skill.py) to validate the YAML frontmatter and structure of the generated agent files. This is a standard development practice using a local toolchain and does not involve remote code execution.
Audit Metadata