create-command

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION, NO_CODE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill provides instructions for creating commands that accept and process user-provided arguments ($ARGUMENTS, $1, $2). This creates an attack surface where malicious input could influence the command's execution if not properly sanitized or delimited.
      • Ingestion points: Arguments passed to slash commands (documented in SKILL.md).
      • Boundary markers: None specified in the provided command templates.
      • Capability inventory: Resulting commands can perform file reads (@prefix) and shell execution (!prefix).
      • Sanitization: No sanitization or validation logic is included in the templates.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill documents methods for commands to access the local file system using the '@' prefix and mentions locations like '~/.claude/commands/'. While this is a core feature for providing context, it permits access to potentially sensitive local data.
  • [DYNAMIC_EXECUTION]: The skill describes how to implement dynamic shell execution within custom commands using the '!' prefix. Although it mentions the 'allowed-tools' field to restrict permissions, this capability enables commands to interact directly with the operating system.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 06:51 AM