skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute local Python scripts and standard shell commands (ls, grep, mkdir) as part of its documented workflow for skill discovery, creation, and validation. These operations are limited to the local file system within designated skill directories.
- [PROMPT_INJECTION]: The skill possesses an ingestion surface for indirect prompt injection because it processes markdown files from the local file system.
  - Ingestion points: The discover_skills.py and validate_skill.py scripts read SKILL.md files from the local skills directory.
  - Boundary markers: Absent. The scripts parse YAML frontmatter but do not wrap the content in protective delimiters before presentation to the agent.
  - Capability inventory: The skill allows the execution of shell commands and local Python scripts, which are its primary tools for management.
  - Sanitization: Absent. Content read from skill files is processed without validation or escaping, although the risk is mitigated by the skill's specific developer-focused use case.
- [SAFE]: No hardcoded credentials, sensitive file access (e.g., SSH/AWS keys), or remote code execution from untrusted network sources were identified. All included scripts are part of the skill's own package and perform legitimate management tasks.
Audit Metadata