skill-creator
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/init_skill.pygenerates Python code by inserting a user-provided skill name into a string template. The input is not sanitized before interpolation, which allows for arbitrary code injection into the generatedexample.pyscript if a malicious name is used. - [COMMAND_EXECUTION]: The skill provides tools that perform file system management, including creating directory structures, writing files to disk, and zipping directory contents. It also programmatically changes file permissions using
chmod 0o755to make scripts executable. - [PROMPT_INJECTION]: The skill has an indirect injection surface. Ingestion points:
scripts/init_skill.pyandscripts/package_skill.py(CLI arguments). Boundary markers: None. Capability inventory: File-write, directory creation, and permission modification inscripts/init_skill.py; file-read and archiving inscripts/package_skill.py. Sanitization: None for theskill_nameinput used in code generation.
Audit Metadata