create-agent
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts (`init_agent.py` and `validate_agent.py`) to automate the scaffolding and structure validation of new agents. These scripts use standard Python libraries and are located within the skill package.
- [SAFE]: The `validate_agent.py` script uses `yaml.safe_load()` to process agent frontmatter, which is a recommended security practice to prevent arbitrary code execution during the parsing of YAML data.
- [DATA_EXFILTRATION]: The skill performs local file system operations, including reading and writing markdown files within standard locations like `~/.claude/agents/` and `.claude/skills/`. These operations are limited to the user's configuration paths and are required for the skill's primary management tasks.
- [PROMPT_INJECTION]: The skill contains a minor surface for indirect prompt injection, as it searches and reads existing agent and skill files to check for conflicts and domain patterns.
  1. Ingestion points: `SKILL.md` Phase 1, Step 6 uses `Glob` to read existing files.
  2. Boundary markers: Absent.
  3. Capability inventory: `init_agent.py` performs file writes and `SKILL.md` initiates script execution.
  4. Sanitization: Absent for the contents of the scanned files.
  This risk is considered negligible as it is inherent to the skill's primary purpose of agent management.
Audit Metadata