skill-creator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The 'create-skill.sh' script contains a command injection vulnerability. It uses an unquoted heredoc (<<EOF) and does not sanitize the 'DESCRIPTION' variable. An attacker can inject command substitutions like $(...) or even terminate the heredoc early by including the EOF delimiter in the description, leading to arbitrary command execution by the shell.
- [PROMPT_INJECTION] (HIGH): The skill is designed to process external inputs to create new instructions. This is a primary vector for indirect prompt injection, allowing an attacker to either exploit the shell vulnerability in the creation script or plant malicious instructions into the agent's future workspace.
Recommendations
- AI detected serious security threats
Audit Metadata