agent-creation
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill employs an 'Analysis Mode' that ingests data from external project files such as package.json, README.md, and CI/CD configurations. This creates a surface for indirect prompt injection where malicious instructions embedded in a project's documentation could attempt to influence the agent's output. The skill mitigates this by requiring the agent to confirm findings with the user before generating the final definition.
- Ingestion points: package.json, README.md, tsconfig.json, .github/workflows/, and existing AGENTS.md files (referenced in SKILL.md).
- Boundary markers: The skill does not explicitly define delimiters for extracted content but mandates a user confirmation step ('Does this look correct?') before final writing.
- Capability inventory: The skill performs file system reads and writes, and directory creation (mkdir).
- Sanitization: No explicit sanitization of extracted strings is described beyond the user confirmation loop.
- [COMMAND_EXECUTION]: The skill automates the creation of a specific directory structure (mkdir presets/{project-name}) and generates AGENTS.md files that contain instructions for dynamic skill discovery. These instructions guide future agents to list and read from model-specific directories (e.g., .{model}/skills/). This is a fundamental feature of the framework's architecture for loading task-specific instructions dynamically from the local file system.
Audit Metadata