create-ultimate-skill

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill fetches remote documentation from code.claude.com via a third-party proxy (markdown.new). While the proxy provider, Vercel, is a trusted organization, this remains a dependency on external content during execution.
  • [COMMAND_EXECUTION] (LOW): The skill uses Bash to execute local Python scripts (init_skill.py and package_skill.py) for scaffolding and packaging. These scripts use standard Python libraries and perform legitimate operations within the user's skill directories.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) through its 'Review Mode'.
    • Ingestion points: Reads SKILL.md and other files from arbitrary local paths provided by the user for review.
    • Boundary markers: None; the skill does not explicitly instruct the agent to ignore instructions found within the reviewed files.
    • Capability inventory: The skill possesses broad permissions (Bash, Write, WebFetch, Edit), which could be leveraged if a reviewed file contains malicious instructions.
    • Sanitization: None; external skill content is read directly into the agent context for analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:50 PM