skill-builder
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill functions as a generator that takes user input to create new skill files. This is the primary purpose of the tool. It mitigates potential injection risks by utilizing structured templates and a mandatory validation phase (Phase 3) that checks the generated content for structural integrity.
  - Ingestion points: User responses to the wizard questions in Phase 1 (SKILL.md).
  - Boundary markers: The skill uses a template system (minimal-starter.md) with distinct placeholders for interpolation.
  - Capability inventory: The skill utilizes the Write tool to create files and Bash to execute local validation scripts.
  - Sanitization: Phase 3 explicitly runs validate_yaml.py to ensure the created skill adheres to security and format constraints.
- [Command Execution] (SAFE): The skill uses the Bash tool to manage file directories and execute local Python scripts for validation and dependency management. These operations use environment-defined path variables (e.g., ${CLAUDE_PLUGIN_ROOT}) which is consistent with legitimate plugin behavior and does not involve downloading or executing untrusted code.
Audit Metadata