skill-creator
Fail
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: CRITICAL (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/init_skill.py performs filesystem operations by creating directories and writing skill template files. It also uses chmod to set executable permissions (0o755) on generated example scripts. Additionally, scripts/package_skill.py creates compressed zip archives of skill folders. These actions are the core functionality of the development tool.
- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection as it generates new skill files based on user-provided metadata (name and description). Evidence: Ingestion points at skill name and description fields; absence of boundary markers in generated templates; capability for file-writing; and basic character-level sanitization in scripts/quick_validate.py.
- [SAFE]: The skill originates from a trusted source and is consistent with its stated purpose as a creator tool. No unauthorized network requests, credential access, or obfuscation were detected. The automated scan alert regarding 'product.md' was determined to be a false positive identifying a filename in documentation examples rather than a malicious URL.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata