grey-haven-skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill includes a local script scripts/init_skill.py that the agent executes to automate project setup.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill has an attack surface where user-provided inputs are used as script arguments.
  1. Ingestion points: sys.argv in scripts/init_skill.py triggered by instructions in SKILL.md.
  2. Boundary markers: Absent in the execution instructions.
  3. Capability inventory: The script can create directories and write files to the filesystem using the Bash tool.
  4. Sanitization: The script uses pathlib.Path.resolve() for basic path handling but does not implement strict validation on the skill_name input.
Audit Metadata