skill-creator

Fail

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: CRITICAL PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill architecture allows for indirect prompt injection via the processing of untrusted user examples.
      • Ingestion points: User-provided skill requirements and concrete examples processed in SKILL.md.
      • Boundary markers: None; the skill lacks delimiters or instructions to prevent the agent from obeying instructions embedded within user-provided data.
      • Capability inventory: SKILL.md instructs the agent to execute generated scripts in the scripts/ directory for validation purposes.
      • Sanitization: None; the skill does not implement verification or sanitization of the generated code before it is run.
  • [SAFE]: Automated scanner alerts regarding product.md appear to be false positives or related to missing files, as product.md is only referenced as a placeholder in documentation and no malicious URLs are present in the provided code.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 26, 2026, 08:06 PM