skills-creation
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use standard CLI tools for repository maintenance, including directory listing (`ls`), file inspection (`cat`), and git operations (`git add`, `git commit`).
- [COMMAND_EXECUTION]: It utilizes vendor-specific NPM scripts (`npm run skills:sync`) and `npx tsx` for synchronization and executing companion scripts within the repository context.
- [PROMPT_INJECTION]: The skill acts as a meta-tool that ingests user requirements to generate other skill content. While this creates a surface for indirect prompt injection, it is the primary intended function of the skill and is handled within a controlled developer environment.
  - Ingestion points: Phase 1 (Discovery) where user input is gathered to define the purpose and capabilities of new skills.
  - Boundary markers: Absent; the instructions do not specify the use of delimiters for user-provided prose.
  - Capability inventory: File system write access to `.skills/internal/`, git command execution, and local script execution via npm.
  - Sanitization: Absent; the skill does not specify validation or filtering of user-supplied content before it is committed to the repository.
- [SAFE]: The skill includes strong security guidelines for 'Companion Scripts', explicitly requiring that they remain local-only with no network access or authentication requirements, which prevents data exfiltration.
Audit Metadata