autonomous-skill-designer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [Remote Code Execution / Dynamic Execution] (CRITICAL): The skill explicitly claims the ability to 'Implements the necessary Node.js/Python scripts' and 'Installs and tests the new skill'. This constitutes autonomous code generation and execution at runtime based on high-level goals.
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted user goals to define requirements for new skills. Because this input is used to generate and install executable code, it creates a direct path from untrusted natural language input to arbitrary code execution.
- Ingestion points: User's high-level goals (SKILL.md).
- Boundary markers: Absent.
- Capability inventory: File writing (SKILL.md, scripts), process execution (tests), and skill installation (SKILL.md).
- Sanitization: Absent.
- [Data Exposure] (MEDIUM): The 'Knowledge Protocol' section mentions the integration of 'Confidential' and 'Personal' knowledge tiers, including 'secrets'. While the skill claims to prevent leaks, the capability to access and process high-value secrets within an autonomous code generation environment is a significant exposure risk.
Recommendations
- AI detected serious security threats
Audit Metadata