skill-creator

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a local Python script (scripts/quick_validate.py) to validate the structure of newly created skills. This is a standard part of the skill's utility and does not involve untrusted remote execution.
  • [DATA_EXFILTRATION]: The validation script reads local skill files to ensure compliance with the specification. No patterns for exfiltrating sensitive data to external domains were found.
  • [PROMPT_INJECTION]: The skill provides a mechanism for generating instructions based on user input, which presents a surface for indirect prompt injection. This is addressed through documentation on sanitization and structural boundaries.
    • Ingestion points: User requirements and trigger phrases defined in SKILL.md.
    • Boundary markers: Best practices in references/output-patterns.md and references/design-principles.md advocate for the use of structured formats and clear delimiters.
    • Capability inventory: The skill performs local file reads (via the validation script) and creates new content files.
    • Sanitization: The scripts/quick_validate.py script contains checks for disallowed characters (e.g., angle brackets) and validates field lengths to ensure metadata integrity.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 3, 2026, 02:21 PM