cw-style-skill-creator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • Prompt Injection (HIGH): The skill exhibits a high-risk indirect prompt injection surface by ingesting untrusted data (user prose and style descriptions) to generate directive 'AI instructions' for downstream agents. This can lead to multi-step chain attacks where malicious input in a story chapter is promoted to a system-level instruction in the resulting style skill.
    • Ingestion points: User-provided prose and style descriptions (SKILL.md).
    • Boundary markers: Absent; no delimiting or instruction-filtering is applied to the generated output.
    • Capability inventory: Command execution (init_skill.py, package_skill.py) and file system modification (SKILL.md).
    • Sanitization: Absent.
  • Command Execution (MEDIUM): The skill requires the execution of Python scripts from a system-level mount point (/mnt/skills/examples/skill-creator/scripts/). This is a high-privilege operation that relies on the integrity of the local environment scripts.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 05:46 AM