create-template
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection. Step 4 instructs the agent to read existing templates in the vault as a reference. If an attacker places a template with embedded instructions in the vault, the agent may follow those instructions while 'referencing' the file. This is particularly dangerous because Step 6 permits the agent to modify 'CLAUDE.md', a file often used to store project-level instructions and safety guidelines for AI agents, potentially allowing for persistent behavior modification.
- COMMAND_EXECUTION (MEDIUM): The skill performs file system write operations in Step 5 and Step 6. It creates new files and updates existing project documentation. If the user-provided 'Category' or 'Filename' arguments are not strictly validated, it could lead to path traversal or overwriting of unintended files within the vault.
Recommendations
- AI detected serious security threats
Audit Metadata