skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The procedure in SKILL.md (Step 1.3) instructs the agent to execute a shell command: python3 scripts/validate-metadata.py --name "[name]" --description "[description]". This pattern of using raw placeholders for shell arguments is a potential command injection vector.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the ingestion of untrusted user data used in file creation and command execution.
  - Ingestion points: User-supplied values for name and description in SKILL.md Step 1.
  - Boundary markers: None present to delimit user input from the rest of the command string.
  - Capability inventory: The skill performs shell command execution (python3) and file system modifications (directory and file creation in Steps 2 and 3).
  - Sanitization: None. While a validation script is provided, it is intended to be executed with the untrusted input rather than sanitizing it beforehand.
- [SAFE]: The script scripts/validate-metadata.py is incomplete. The provided code defines a validation function but fails to implement argument parsing or a function call in the if __name__ == "__main__": block, making it non-functional.
Audit Metadata