team-builder
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill is configured with the `Bash`, `Write`, and `Edit` tools, which it uses to programmatically create new `SKILL.md` files in the `.claude/skills/` directory. This allows the skill to persist new executable instructions that remain across sessions.
- [COMMAND_EXECUTION]: The workflow incorporates `Glob` and `Bash` shell commands (e.g., `find`) to inspect and map the contents of the local skill library.
- [PROMPT_INJECTION]: The 'Skill Creation Workflow' represents a significant indirect prompt injection surface. Because the skill creates new instruction sets based on identified 'gaps' or user requests, an attacker could potentially influence the creation of a malicious skill. Evidence Chain:
  1) Ingestion points: The skill reads existing skill definitions from the filesystem via `Glob`.
  2) Boundary markers: No delimiters or warnings are used to prevent the agent from obeying instructions embedded in the data it processes.
  3) Capability inventory: The skill has the ability to use `Bash`, `Write`, and `Edit` to modify the agent's operating environment.
  4) Sanitization: There is no evidence of sanitization or validation of the input used to generate the content of the new `SKILL.md` files.