skill-creator
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to perform local file system operations using shell commands such as 'ls', 'tree', 'head', and 'mkdir' to manage skill directories located in the user's home directory.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists within the workflows designed to clone or validate existing skills. The agent is directed to read and process the contents of external manifest files, which are untrusted data sources.
  - Ingestion points: The agent reads 'SKILL.md' and other files from directories within '~/.claude/skills/'.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are included in the workflows for processing these external files.
  - Capability inventory: The agent has access to shell command execution and file writing capabilities.
  - Sanitization: The instructions do not define any sanitization or validation protocols for the content ingested from existing skills before it is incorporated into the agent's context.
Audit Metadata