role-creator
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
agent-teamCLI to generate role packages, passing user-provided strings for descriptions, goals, and scopes as command-line arguments. This presents a surface for command injection if inputs contain shell metacharacters.\n- [EXTERNAL_DOWNLOADS]: It enables the discovery and installation of external skill packages from third-party repositories, such asantfu/skills, which are not included in the trusted vendor list.\n- [REMOTE_CODE_EXECUTION]: The skill is designed to install and subsequently execute code from external sources to complete tasks, which constitutes the execution of unverified third-party code.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface through the ingestion of untrusted user data for role definitions.\n - Ingestion points: User input for role
description,system-goal, andin-scope/out-of-scopeboundaries.\n - Boundary markers: No delimiters or safety instructions are used to wrap these inputs in the command templates.\n
- Capability inventory: Capabilities include local shell command execution and dynamic package installation/execution.\n
- Sanitization: There is no evidence of input validation or shell-escaping for the fields approved during the brainstorming process.
Audit Metadata