skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the creation of new instruction sets (SKILL.md files) based on user-provided descriptions and patterns, establishing a surface for indirect prompt injection.
  - Ingestion points: Untrusted data enters the context when the user asks to create a new skill, add agent instructions, or document patterns.
  - Boundary markers: The provided template does not utilize explicit boundary markers (e.g., XML tags or specific delimiters) to separate user-provided descriptions from the generated skill's structural logic.
  - Capability inventory: The skill is authorized to use file manipulation and system tools (Read, Edit, Write, Bash) to create and register the resulting skill files.
  - Sanitization: There are no explicit instructions for the agent to sanitize, escape, or validate user-provided content before interpolating it into the final SKILL.md template.
- [SAFE]: The skill promotes secure development practices by explicitly instructing the agent to use local file paths for references instead of external web URLs, reducing the risk of unauthorized remote content loading.
- [SAFE]: The instructions provide clear naming conventions and structural requirements that improve the maintainability and auditability of the agent's extended capabilities.
- [SAFE]: The metadata and author attribution are consistent with the provided vendor context and standard agent skill specifications.