create-tool
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill instructs the agent to run local CLI commands including 'dzx dev', 'dzx inspect', and 'dzx build', which can interact with and modify the host environment.
- REMOTE_CODE_EXECUTION (MEDIUM): The workflow involves the agent writing TypeScript implementation files and then executing them via the dzx server, a pattern that enables dynamic execution of generated code.
- EXTERNAL_DOWNLOADS (LOW): The skill references and utilizes the '@dwizi/dzx' package. This organization is not included in the pre-verified trusted sources list, making the dependency unverifiable.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8). 1. Ingestion points: Reads from the 'tools/' directory and processes user-provided tool descriptions. 2. Boundary markers: Absent; there are no instructions to ignore embedded commands in the files it reads. 3. Capability inventory: Includes filesystem writes ('tools/my-tool.ts') and shell command execution ('dzx dev'). 4. Sanitization: Absent; the skill does not specify validation or escaping of user input before writing code.
Audit Metadata