Gen Agent Trust Hub audit: skills/fusengine/agents/agent-creator

agent-creator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Detected categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill provides templates and mandatory instructions for implementing validation hooks that execute shell scripts during file operations.
      ◦ Evidence: SKILL.md and references/hooks.md detail the use of PreToolUse hooks to run bash ${CLAUDE_PLUGIN_ROOT}/scripts/validate-solid.sh before the Write or Edit tools.
  • REMOTE_CODE_EXECUTION (HIGH): The skill directs the agent to generate its own executable logic and then execute it within the environment. This pattern allows persistent execution of arbitrary code via automated hooks.
      ◦ Evidence: references/templates/hook-scripts.md provides several bash script templates designed to be written and executed by the agent.
  • PRIVILEGE_ESCALATION (MEDIUM): The skill repeatedly instructs the agent to modify file permissions to enable execution of generated scripts.
      ◦ Evidence: chmod +x plugins/<plugin>/scripts/*.sh instructions in SKILL.md and references/templates/hook-scripts.md.
  • INDIRECT_PROMPT_INJECTION (HIGH): The skill creates an architecture where agents with 'Write' and 'Bash' capabilities ingest untrusted external data without sanitization.
      ◦ Ingestion points: references/templates/agent-template.md specifies the use of mcp__exa__web_search_exa and mcp__context7__query-docs.
      ◦ Boundary markers: Absent in the templates; external data is processed directly.
      ◦ Capability inventory: Templates grant the Write, Edit, and Bash tools by default.
      ◦ Sanitization: No sanitization or validation of external content is present in the instruction set or hook logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:15 PM