skill-creator
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to perform local file system operations, specifically zipping created skill directories and writing files to 'library/skills/', 'index.json', and 'usage-log.jsonl'.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it ingests and processes data from external sources like the web and local codebases.
- Ingestion points: The skill processes user intents, web search results for domain terminology, and project-specific codebase information to generate instructions.
- Boundary markers: There are no explicit instructions to use delimiters or 'ignore' directives to isolate external research data within the generated SKILL.md.
- Capability inventory: The skill has the capability to write and modify files on the local filesystem.
- Sanitization: No specific sanitization, filtering, or validation logic for external content is included in the behavioral instructions.
Audit Metadata