command-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (SAFE): The skill functions by interpolating user-provided text into markdown files that contain agent instructions, creating an indirect prompt injection surface.
  * Ingestion points: User-provided command descriptions and workflow steps in SKILL.md.
  * Boundary markers: None used in the generated command files.
  * Capability inventory: The skill uses `mkdir` and `Write` tools to create the commands.
  * Sanitization: No sanitization is performed as the purpose is to allow the user to define arbitrary instructions. This risk is inherent to the skill's primary function and is considered safe within its intended use case.
- COMMAND_EXECUTION (SAFE): The skill executes specific local commands to detect the environment and prepare directory structures.
  * Evidence: Usage of `git rev-parse --is-inside-work-tree` and `mkdir -p` for directory management. These are standard operations for managing local configuration files.
Audit Metadata