skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes user-defined skill names and directory paths. It includes regex validation for skill names but does not perform explicit sanitization for directory traversal (e.g., checking for "../" sequences) on the provided paths. This relies on the host runtime's file system sandboxing for security.
- Ingestion points: input.path and input.skill_path are accessed in src/init_skill.ts, src/package_skill.ts, and src/validate_skill.ts.
- Boundary markers: User-provided inputs are interpolated into file system paths and instructions without specific escape delimiters.
- Capability inventory: The skill suggests file creation and permission changes (chmod +x) via instructions returned to the runtime.
- Sanitization: skill_name is restricted to hyphen-case via regex; no path normalization is performed on input.path.
- [DYNAMIC_EXECUTION]: The skill facilitates the generation of script templates (e.g., Python) and metadata. This is a core feature of the skill-creator and uses predefined templates rather than executing arbitrary code from external sources.
Audit Metadata