skills/fusengine/agents/skill-creator/Gen Agent Trust Hub

skill-creator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): High risk of Indirect Prompt Injection. The skill mandates fetching data from external URLs via research tools (SKILL.md, workflow.md).
      1. Ingestion points: External documentation via research-expert and context7.
      2. Boundary markers: Absent.
      3. Capability inventory: Shell commands (mkdir, cp, rm, sed) and marketplace.json modification.
      4. Sanitization: Absent.
    Malicious content in fetched docs could hijack the agent's workflow.
  • [COMMAND_EXECUTION] (MEDIUM): The skill provides explicit shell commands (mkdir, cp, rm, sed) for the agent to manage and adapt files (adaptation.md, SKILL.md). These capabilities are dangerous if manipulated by malicious input.
  • [REMOTE_CODE_EXECUTION] (HIGH): Using sed -i to modify local files based on instructions derived from untrusted external sources allows for potential injection of malicious code into new or existing skills.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:34 PM