create-slash-commands
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE] (SAFE): The skill is composed of markdown reference files (
references/arguments.mdandreferences/tool-restrictions.md) and contains no executable scripts, system instructions, or code files.- [Indirect Prompt Injection] (SAFE): The documentation defines a potential vulnerability surface by explaining how user-provided arguments are interpolated into prompts and shell commands. However, it also provides the direct mitigation (tool restrictions) for this surface. - Ingestion points: User-defined arguments ($ARGUMENTS, $1, etc.) referenced in references/arguments.md.
- Boundary markers: Documentation examples show direct interpolation without specific delimiters.
- Capability inventory: Bash, Read, Write, and Edit tools are mentioned as primary capabilities in references/tool-restrictions.md.
- Sanitization: Documentation indicates that arguments are passed 'as-is' without special parsing, while recommending tool whitelisting for security.
Audit Metadata