command-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill instructs the agent to run `view .claude/skills` and `view ~/.claude/skills` to discover relevant files. Executing shell commands to access the user's home directory (~/) is a sensitive operation that grants the agent visibility into the user's global environment.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted user input to define the purpose and arguments of a new command (Steps 1 and 5) and then generates a command specification (Step 6).
- Ingestion points: Steps 1 and 5 (user interaction via SKILL.md).
- Boundary markers: None; the skill does not suggest using delimiters or warnings for the generated content.
- Capability inventory: The skill uses `view` (read) and implies file writing/generation for the final specification.
- Sanitization: None; the agent is not instructed to validate or escape user-provided descriptions before including them in the YAML/Markdown output.
- [DATA_EXPOSURE] (LOW): The use of relative path traversal (`../../commands/audit/js-ts-docs.md`) in Step 6 encourages the agent to read files outside of its immediate skill directory, which could lead to unintended data exposure if the agent's environment is not strictly sandboxed.
Audit Metadata