create-agent-skills
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill documents and provides workflows for executing shell commands and scripts (Bash, Python, Node.js) to automate tasks. These operations are restricted to the local environment and follow explicit user-guided workflows.
- [EXTERNAL_DOWNLOADS]: Instructions include installing standard, well-known libraries (e.g., pdfplumber, pypdf, gh CLI) from official registries. References point to trusted documentation sites and the official anthropics/skills repository.
- [CREDENTIALS_UNSAFE]: The skill contains a dedicated reference file that explicitly teaches how to avoid exposing API keys in chat by using a local wrapper script and environment variables stored in .env files.
- [INDIRECT_PROMPT_INJECTION]: The skill defines patterns for data ingestion and mitigates risks by mandating boundary markers (XML tags), success criteria, and validation loops for all generated content.
Audit Metadata