create-agent-skills

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs various shell operations using bash, python, mkdir, and chmod to create and manage skill files and directories in ~/.claude/skills/. Examples include making scripts executable in workflows/add-script.md and initializing directory structures in workflows/create-new-skill.md.
  • [EXTERNAL_DOWNLOADS]: It uses WebSearch, WebFetch, and MCP tools like Context7 to research API documentation and verify the accuracy of skill content, as seen in workflows/create-new-skill.md and workflows/verify-skill.md.
  • [DATA_EXFILTRATION]: The skill's workflows and references (e.g., references/api-security.md) involve reading and managing local configuration files, specifically ~/.claude/.env, which contains service credentials. This access is part of a secure credential management protocol designed for the local environment.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes third-party skill files during audit and verification tasks (workflows/audit-skill.md), which is a known surface for indirect prompt injection. The skill manages this through structured analysis and verification of the ingested content.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 01:01 AM