skill-creator-agent

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS

Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks because it lacks proper sanitization and boundary markers for external data.
  • Ingestion points: User-provided requests (userRequest, task) and file contents (relevantFiles) are directly embedded into system prompts in SKILL.md (lines 354, 434, 532).
  • Boundary markers: No delimiters or instructional guards are present to prevent the agent from following instructions embedded within the processed data.
  • Capability inventory: The skill patterns utilize highly privileged tools including Bash, Write, Edit, and WebFetch.
  • Sanitization: There is no evidence of input validation or escaping of special characters.
  • [COMMAND_EXECUTION]: The provided code implementations explicitly configure agents with administrative-level tools such as Bash and Edit (e.g., allowedTools: ['Read', 'Grep', 'Bash'] on line 343).
  • [EXTERNAL_DOWNLOADS]: The documentation suggests installing the @anthropic-ai/claude-agent-sdk (NPM) and claude_agent_sdk (PyPI) packages. These are official developer resources for building agentic applications.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 07:18 AM