skill-creator-flagos
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface. The skill reads and analyzes existing SKILL.md files and associated resources in Mode 2 (Improve) and Mode 3 (Validate). These files are treated as data, which could contain malicious instructions designed to influence the agent's behavior during the improvement or validation process.
  - Ingestion points: SKILL.md and supporting files in the skills/ directory.
  - Boundary markers: None observed in the instructions for reading/analyzing files.
  - Capability inventory: Filesystem access (Read, Write, Edit), shell command execution (Bash), and agent invocation (Agent).
  - Sanitization: No explicit sanitization or validation of the content of the analyzed files is described.
- [COMMAND_EXECUTION]: The skill performs filesystem operations and executes Python scripts using Bash. Specifically, it uses chmod +x to ensure scripts it creates or validates are executable. While chmod can be used for privilege escalation, its use here is restricted to the skill's own directory structure and is a standard requirement for developer tooling.
Audit Metadata