skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/init_skill.pyperforms filesystem management and permission modifications. - It creates directory structures using
Path.mkdirbased on a user-provided path and skill name. - It generates boilerplate markdown and Python files using
Path.write_text. - It modifies file permissions of generated example scripts to set them as executable using
os.chmod. - The script
scripts/package_skill.pyreads a directory tree and generates a compressed ZIP archive. - [PROMPT_INJECTION]: The skill exhibits an indirect injection surface where user-provided input is used in script generation.
- Ingestion points: The
skill_nameargument inscripts/init_skill.pyis interpolated directly into templates forSKILL.mdandexample.py. - Boundary markers: There are no boundary markers or delimiters around the interpolated
skill_nameto prevent it from containing instructions that might be interpreted by the agent during subsequent use of the generated skill. - Capability inventory: The skill allows for recursive filesystem writes and the creation of executable files.
- Sanitization: No input sanitization is performed on the
skill_nameidentifier before it is used to construct file paths and template contents in the initialization script.
Audit Metadata