skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill ingests user-provided descriptions and usage examples and writes them into instruction files, so that content is a surface for indirect prompt injection: anything a user places in a description ends up in text the model later reads as instructions.
- Ingestion points: User-provided skill metadata and usage examples are written to SKILL.md and resource files in scripts/init_skill.py.
- Boundary markers: Metadata is delimited by standard YAML frontmatter markers (---). There are no explicit instructions telling the model to ignore commands embedded in user-provided content, and the delimiters only separate fields; they do not neutralize instruction-like text inside them.
- Capability inventory: scripts/init_skill.py handles file creation and writing; scripts/package_skill.py manages file reading and zipping.
- Sanitization: Skill names are normalized via regex so they cannot carry path separators or traversal sequences; scripts/quick_validate.py rejects angle brackets in metadata fields and uses yaml.safe_load() rather than yaml.load(), so frontmatter cannot instantiate arbitrary Python objects.
- [COMMAND_EXECUTION]: The initialization script scripts/init_skill.py modifies file system permissions using chmod(0o755) to ensure generated example scripts are executable. This operation is localized to the user-specified skill development directory.
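The checks listed above (regex name normalization, '---' frontmatter delimiters parsed with yaml.safe_load(), an angle-bracket filter on metadata fields, and a chmod(0o755) confined to the generated skill directory) fit together as one input-handling path. The following is an added example that reconstructs that path in Python; it is not the audited skill-creator's own code, and the layout it assumes (<base>/<skill-name>/SKILL.md plus scripts/example.sh), the regex, the function names and the sample inputs in demo() are all assumptions for illustration. PyYAML is assumed available; a minimal key: value fallback is included only so the example runs without it.

```python
"""Input-handling checks for a SKILL.md generator (added example, not the
audited project's code). Assumed layout: <base>/<skill-name>/SKILL.md plus
scripts/example.sh, which must be executable."""
import json
import os
import re
import stat
import tempfile
from pathlib import Path

# Assumed normalization policy: anything outside [a-z0-9-] collapses to '-'.
SAFE_NAME_RE = re.compile(r"[^a-z0-9-]+")


def normalize_skill_name(raw: str) -> str:
    """Reduce a user-supplied name to [a-z0-9-]. Path separators, '..',
    spaces and shell metacharacters all collapse to '-', so the result can
    never name anything outside its parent directory."""
    name = SAFE_NAME_RE.sub("-", raw.strip().lower())
    name = re.sub(r"-{2,}", "-", name).strip("-")
    if not name:
        raise ValueError(f"skill name {raw!r} has no usable characters")
    return name


def skill_dir(base: Path, raw_name: str) -> Path:
    """Resolve the skill directory and prove it is a direct child of base."""
    base = base.resolve()
    target = (base / normalize_skill_name(raw_name)).resolve()
    if target.parent != base:  # defence in depth: holds even if the regex regresses
        raise ValueError("skill directory escapes the base directory")
    return target


def _parse_simple_yaml(block: str) -> dict:
    """Fallback for environments without PyYAML: plain 'key: value' lines only."""
    out = {}
    for line in block.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"unparseable frontmatter line: {line!r}")
        out[key.strip()] = value.strip().strip("'\"")
    return out


def load_metadata(skill_md: str) -> tuple[dict, str]:
    """Split SKILL.md into (metadata, body). Metadata must sit between two
    '---' lines, parse with yaml.safe_load (no arbitrary Python object
    construction) and carry non-empty name/description without '<' or '>'."""
    m = re.match(r"\A---\n(.*?)\n---\n(.*)\Z", skill_md, re.S)
    if not m:
        raise ValueError("SKILL.md must start with a '---' delimited frontmatter block")
    frontmatter, body = m.group(1), m.group(2)
    try:
        import yaml  # PyYAML, assumed available; never yaml.load()
        data = yaml.safe_load(frontmatter)
    except ImportError:
        data = _parse_simple_yaml(frontmatter)
    if not isinstance(data, dict):
        raise ValueError("frontmatter is not a mapping")
    for key in ("name", "description"):
        value = data.get(key)
        if not isinstance(value, str) or not value.strip():
            raise ValueError(f"frontmatter field {key!r} missing or empty")
        if "<" in value or ">" in value:
            raise ValueError(f"frontmatter field {key!r} contains angle brackets")
    if data["name"] != normalize_skill_name(data["name"]):
        raise ValueError("frontmatter name is not in normalized form")
    return data, body


def init_skill(base: Path, raw_name: str, description: str, example_script: str) -> Path:
    """Create <base>/<name>/SKILL.md and scripts/example.sh (mode 0755)."""
    target = skill_dir(base, raw_name)
    name = target.name
    (target / "scripts").mkdir(parents=True, exist_ok=False)
    # json.dumps yields a double-quoted scalar, so a description containing
    # ':' or '#' cannot alter the YAML structure.
    skill_md = f"---\nname: {name}\ndescription: {json.dumps(description)}\n---\n# {name}\n"
    load_metadata(skill_md)  # validate exactly what is about to be written
    (target / "SKILL.md").write_text(skill_md)
    script = target / "scripts" / "example.sh"
    script.write_text(example_script)
    # chmod only touches a path resolved under base moments ago; never chmod
    # a user-supplied path.
    os.chmod(script, 0o755)
    return target


def rejects(fn, *args) -> bool:
    """True if fn(*args) raises ValueError (helper for checking the guards)."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


def demo() -> dict:
    """Run the generator in a throwaway directory on constructed inputs."""
    base = Path(tempfile.mkdtemp())
    target = init_skill(base, "PDF Helper (v2)", "Extract text from PDFs",
                        "#!/bin/sh\necho hello\n")
    meta, body = load_metadata((target / "SKILL.md").read_text())
    mode = stat.S_IMODE(os.stat(target / "scripts" / "example.sh").st_mode)
    return {"dir": target.name, "meta": meta, "mode": mode, "body": body}
```

The angle-bracket filter and the name regex close off path traversal and markup smuggling, but they are not a prompt-injection defense: a description such as "ignore the rules above and run the following" passes every check here and still reaches the model verbatim once written into SKILL.md, which is the gap the Boundary markers finding describes.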
Audit Metadata