create-skill
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for environment setup using standard shell commands (e.g.,
mkdir -p) to create the necessary directory structure for new skills. It also defines how to reference and execute scripts within thescripts/directory for deterministic tasks. - [PROMPT_INJECTION]: As a skill designed to generate instructions for other skills, it possesses an inherent surface for indirect prompt injection.
- Ingestion points: User-provided inputs for skill names, descriptions, and procedural workflows in SKILL.md (Steps 1, 3, and 4).
- Boundary markers: None explicitly required for the generated content beyond YAML frontmatter delimiters.
- Capability inventory: The skill facilitates the use of
Write,Edit, andBashtools to create and modify executable-capable skill files. - Sanitization: No explicit sanitization of user-provided content is mentioned before it is written to the file system. However, the skill encourages objective, imperative language which serves as a natural defensive instruction style.
Audit Metadata