erc8004-agent-creator

Warn

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions in 'SKILL.md' direct the agent to run 'npx create-8004-agent'. This command downloads a package from the NPM registry maintained by 'Eversmile12', a third-party developer not included in the trusted vendors list. Running unverified packages from third-party repositories presents a supply chain risk.
  • [REMOTE_CODE_EXECUTION]: Execution of 'npx create-8004-agent' involves running remote code fetched at runtime. While project scaffolding is the skill's primary purpose, the reliance on a third-party, non-trusted CLI tool qualifies as remote code execution from an unverified source.
  • [COMMAND_EXECUTION]: The skill executes shell commands and a Python patch script. The script 'scripts/patch_anthropic.py' takes a 'projectDir' argument from the command line and uses it to construct file paths (e.g., 'Path.cwd() / projectDir / "src" / "agent.ts"') without validation or sanitization. This is a directory traversal vulnerability that could allow the script to overwrite files outside the intended project directory if a malicious path (e.g., "../../") is provided. This surface area also enables Indirect Prompt Injection risks.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8).
      • Ingestion points: User-provided parameters such as 'projectDir', 'agentName', and 'agentDescription' in 'SKILL.md'.
      • Boundary markers: None identified in the prompt templates or execution steps.
      • Capability inventory: Execution of 'npx' (command execution) and 'python' scripts that perform file writes ('write_text' in 'scripts/patch_anthropic.py').
      • Sanitization: None. Inputs are passed directly to CLI tools and scripts.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 26, 2026, 12:33 PM