Skills
skills/henkisdabro/wookstar-claude-plugins/create-ultimate-skill/Gen Agent Trust Hub

create-ultimate-skill

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to indirect prompt injection during its review and documentation fetching phases. It ingests untrusted data from external sources and processes it while having access to powerful system tools.\n
  • Ingestion points: Documentation fetched via WebFetch (Phase 3) and existing SKILL.md files read during "Skill Review Mode".\n
  • Boundary markers: None identified; untrusted content is directly integrated into the agent's context.\n
  • Capability inventory: Bash, Write, Edit, Task, WebFetch, AskUserQuestion.\n
  • Sanitization: No validation or sanitization is performed on the content of files being reviewed.\n- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill performs a WebFetch to markdown.new, an unverified third-party proxy service, to retrieve official documentation. This creates a supply chain risk where the proxy could inject malicious instructions or redirect the agent to harmful content.\n- [COMMAND_EXECUTION] (MEDIUM): The skill uses the Bash tool to run local Python scripts (init_skill.py) and generates new executable scripts (example.py) with 0o755 permissions. While intended for development, this pattern facilitates the execution of code that could be manipulated by other malicious inputs.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 02:30 PM