create-skill
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The task skill template includes instructions to install the 'uv' tool from its official domain (astral.sh). This targets a well-known technology provider and is documented neutrally as a safe prerequisite.
- [REMOTE_CODE_EXECUTION]: The skill facilitates the creation of task-based skills that execute Python scripts via 'uv run'. It also provides templates recommending dynamic module loading via 'sys.path.insert' for internal skill integration, which is part of the architectural design.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it constructs instructional files (skills) based on untrusted user requirements.
  - Ingestion points: User requirements for skill purpose and logic are gathered in Step 1 of SKILL.md.
  - Boundary markers: No specific delimiters are used to isolate user-provided text within the generated SKILL.md files.
  - Capability inventory: The skill possesses the capability to write files to the local filesystem during the creation process (Step 9).
  - Sanitization: User input is interpolated into templates without validation or escaping, allowing potentially malicious instructions to be persisted in newly created skills.