skill-gen

Warn

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: MEDIUM
Categories flagged: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis

EXTERNAL_DOWNLOADS (MEDIUM):

  • The README.md instructs users to install the skill using npx skills add crafter-station/skills. The crafter-station GitHub organization is not on the list of trusted sources.
  • The README.md also requires installing a Firecrawl MCP Server from mendableai/firecrawl-mcp. The mendableai GitHub organization is not on the list of trusted sources.
  • The skill heavily relies on the firecrawl.dev external service for its core functionality. While Firecrawl is a known service, it is not explicitly listed as a trusted source, and its behavior is external to this skill's direct control.

COMMAND_EXECUTION (MEDIUM):

  • The skill's primary purpose is to generate other skills, which inherently involves executing local Python scripts (scripts/init_skill.py, scripts/package_skill.py, scripts/quick_validate.py) that perform file system operations.
  • scripts/init_skill.py creates directories and files based on user-provided skill-name and path. Although Path.resolve() is used, init_skill.py itself does not perform full validation of the skill-name argument before creating directories. This could potentially lead to unexpected directory structures or errors if the input is malformed, even if package_skill.py later validates the skill's name.
  • scripts/package_skill.py reads skill files and creates a .zip archive.

PRIVILEGE_ESCALATION (LOW):

  • scripts/init_skill.py includes example_script.chmod(0o755) (line 130), which makes the generated example script executable. While this is part of creating a functional template, it is a privilege escalation action.

DATA_EXFILTRATION (INFO):

  • The skill processes content from arbitrary URLs via the Firecrawl agent. There is an inherent, indirect risk that a malicious input URL could instruct the Firecrawl agent or the subsequent skill generation process to include data exfiltration commands in the generated skill. However, the skill-gen skill itself does not contain explicit data exfiltration commands. The FIRECRAWL_API_KEY is handled as an environment variable, which is a good practice.

PROMPT_INJECTION (SAFE): No prompt injection patterns were found in the skill's instructions or metadata. The skill-prompt-template.md is an internal prompt for the Firecrawl agent, not a user-facing prompt to Claude.

METADATA_POISONING (SAFE): No malicious patterns found in metadata fields.

OBFUSCATION (SAFE): No obfuscation techniques detected.

PERSISTENCE_MECHANISMS (SAFE): No persistence mechanisms detected.

TIME-DELAYED / CONDITIONAL ATTACKS (SAFE): No time-delayed or conditional attack patterns detected.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 13, 2026, 03:46 AM