skills-creator
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFENO_CODEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [NO_CODE]: The analyzed skill consists entirely of Markdown files (SKILL.md, REFERENCE.md, TEMPLATES.md) and does not include any executable scripts, binaries, or active code components.
- [EXTERNAL_DOWNLOADS]: The documentation references external resources such as the 'skills-ref' CLI tool and mentions standard Python packages like 'pdfplumber', 'PyPDF2', 'pandas', and 'numpy' within its templates as potential dependencies for user-created skills.
- [COMMAND_EXECUTION]: The instructions guide the agent to perform basic filesystem operations such as 'mkdir' and 'cat' to create and inspect skill structures, which is consistent with its intended administrative purpose.
- [PROMPT_INJECTION]: The skill functions as a template generator that processes user requirements to create new skill instructions. This presents an indirect prompt injection surface where untrusted user input could influence generated content. Ingestion points: User requirements for skill generation. Boundary markers: Absent. Capability inventory: Filesystem operations and Bash execution. Sanitization: Not explicitly implemented.
Audit Metadata