skill-creator
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- Dynamic Execution (MEDIUM): The script `scripts/init_skill.ts` uses unsanitized input from `process.argv[2]` to construct filesystem paths via `path.join()`. This allows for path traversal attacks where a malicious skill name (e.g., `../../target`) could result in directory creation or file writes outside the intended `.skills/` directory.
- Indirect Prompt Injection (LOW): The skill ingests untrusted user input to generate instructions for future agent tasks, creating a vulnerability surface.
  * Ingestion points: `skillName` argument in `init_skill.ts`.
  * Boundary markers: Absent.
  * Capability inventory: `mkdir` (recursive) and `writeFile` (filesystem modification).
  * Sanitization: Absent; the script does not validate or escape the provided name.
Audit Metadata