writing-skills
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes untrusted user descriptions to generate new skill files and instructions.
  - Ingestion points: User input regarding skill purpose, triggers, and functional logic is collected during the intake phase (SKILL.md Step 0).
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when interpolating user data into the generated SKILL.md template.
  - Capability inventory: The skill is capable of writing files to the local file system (SKILL.md, agents/openai.yaml, scripts/) and executing shell commands via node and npx for validation (Step 5).
  - Sanitization: User-provided strings are incorporated into the output files without sanitization or structural validation to prevent malicious instruction injection.
- [EXTERNAL_DOWNLOADS]: Fetches and runs packages from the npm registry using npx (specifically skillcheck and agnix) and installs dependencies via npm install if not already present in the workspace.
- [COMMAND_EXECUTION]: Executes shell commands including node, npm, and npx to build project components and perform automated validation checks on the skill directory.
Audit Metadata