skill-creator
Fail
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Automated security scanners identified a malicious URL related to the 'product.md' reference mentioned in SKILL.md. Although used as a structural example, the presence of blacklisted URLs can lead the agent to reference or attempt connections to malicious external domains.
- [REMOTE_CODE_EXECUTION]: The skill performs dynamic script generation through 'scripts/init_skill.py'. This script programmatically writes Python source code to 'scripts/example.py' and uses 'chmod' to grant execution permissions. The automated creation and enabling of executable code at runtime is a high-risk capability.
- [COMMAND_EXECUTION]: The bundled scripts 'scripts/init_skill.py' and 'scripts/package_skill.py' execute sensitive file system commands, including directory creation and archiving. These tools allow the agent to modify the local environment, which could be exploited if the agent is directed to manipulate sensitive system files.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) due to its core workflow of processing external data.
- Ingestion points: Untrusted data enters the agent's context when users provide 'concrete examples' and 'domain expertise' to generate skill content (Step 1 and Step 4).
- Boundary markers: The instructions lack delimiters or 'ignore instructions' warnings when interpolating user-supplied content into generated files.
- Capability inventory: The skill possesses file-write and permission modification capabilities via the 'init_skill.py' script.
- Sanitization: There are no validation or sanitization mechanisms to filter malicious instructions from user-provided inputs before they are written into executable resource files.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata