skill_factory
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest untrusted user descriptions to generate functional code modules.
  - Ingestion points: User-provided requirements (e.g., 'Make a skill that does X').
  - Boundary markers: Absent. The skill lacks instructions to sanitize or ignore embedded malicious directives within the user's prompt.
  - Capability inventory: The skill triggers file system creation and writes executable scripts (.py, .ts) and dependency files (package.json, requirements.txt).
  - Sanitization: None. A malicious requirement could result in the generation of a 'backdoored' skill.
- [Command Execution] (MEDIUM): The skill uses file system tools to create directory structures and files. If the 'skill_id' derived from user input is not sanitized, it could be exploited for path traversal attacks.
- [Dynamic Execution] (MEDIUM): The skill performs runtime code generation by assembling scripts from templates and user-controlled metadata.
Recommendations
- AI detected serious security threats
Audit Metadata