command-creator
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides structured instructions and markdown templates for creating configuration files. No malicious patterns, obfuscation, or unauthorized network activity were detected within the skill content.
- [COMMAND_EXECUTION]: The skill directs the agent to write markdown files to specific directories, such as
.claude/commands/or~/.claude/commands/. This is the primary intended function of the skill and aligns with the expected behavior of the Claude Code development tool. - [PROMPT_INJECTION]: The skill utilizes user input via the
$ARGUMENTSvariable to populate the generated command files. While this creates a surface for indirect prompt injection, it is a standard functional requirement for a templating tool. 1. Ingestion points: User input is captured via$ARGUMENTSin the 'Your Task' section. 2. Boundary markers: No explicit sanitization or delimiters are specified for the input. 3. Capability inventory: The agent is expected to use filesystem tools (Write/Bash) to create the command files. 4. Sanitization: The skill does not provide methods for validating or escaping the user-provided arguments before they are written to the command file.
Audit Metadata