project-skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by accepting arbitrary text for the purpose and workflow of a new skill and writing it directly to a file that the agent will later treat as instructions.
  - Ingestion points: User-provided input for the 'purpose/description' and 'triggers/examples' fields is captured in file SKILL.md.
  - Boundary markers: The generated skill file uses standard Markdown headers but lacks specific delimiters or guardrail instructions to prevent the agent from obeying malicious commands embedded in those sections.
  - Capability inventory: The skill utilizes the 'Write' tool to create new files on the local filesystem and 'Read'/'Glob' to inspect existing directories (as seen in the SKILL.md metadata).
  - Sanitization: Filenames are normalized to kebab-case to prevent directory traversal; however, the body content of the generated skill file is interpolated without escaping or validation.