skill-creation
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as a documentation and template generator for developing other skills. It does not perform any direct file system modifications (beyond generating the requested output), network exfiltration, or unauthorized command execution.
- [PROMPT_INJECTION]: No evidence of malicious instructions, role-play overrides, or attempts to bypass agent safety filters was found. The instructions focus entirely on the structured creation of skill metadata and documentation.
- [DATA_EXFILTRATION]: The skill does not access sensitive local file paths (such as .ssh, .aws, or .env) or attempt to transmit data to external servers.
- [REMOTE_CODE_EXECUTION]: No remote scripts are downloaded or executed. The skill relies on local markdown assets and templates provided within the skill folder.
- [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface because it processes untrusted user prompts for conversion into skills (Ingestion point: SKILL.md Step 1). However, it includes a robust mitigation strategy via the 'Security Best Practices' asset, which mandates treating external content as data rather than instructions and requires human-in-the-loop confirmation before acting on suggestions (Sanitization: SKILL.md Step 1 active user feedback loop).
Audit Metadata