Skills
skills/elastic/elastic-docs-skills/create-skill/Gen Agent Trust Hub

create-skill

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requests broad shell permissions for git, gh, mkdir, and ls commands. This enables the agent to automate the contribution workflow by creating branches, committing changes, and pushing code to the Elastic GitHub repository.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) as it generates new skill definitions and test cases based on user-provided descriptions.
  • Ingestion points: User input collected via AskUserQuestion during the goal-setting and detail-collection phases.
  • Boundary markers: Absent. There are no instructions or delimiters specified to isolate the user's descriptive input from the prompt logic being generated.
  • Capability inventory: The skill has Write access to the filesystem and Bash access for repository management and pull request creation.
  • Sanitization: User input is incorporated into the generated SKILL.md and evals.json files without explicit validation or escaping.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 03:10 PM