skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute local utility scripts (scripts/init_skill.py and scripts/package_skill.py) to manage the skill creation lifecycle. These are standard development tools provided within the vendor's environment.
- [PROMPT_INJECTION]: The skill describes a workflow that presents an indirect prompt injection surface by converting untrusted user examples into persistent instructions and code.
  1. Ingestion points: User-provided examples are ingested during the 'Understanding the Skill' phase (Step 1).
  2. Boundary markers: The generated output instructions for new skills do not include boundary markers or delimiters to isolate user-derived content.
  3. Capability inventory: The skill architecture supports the generation and execution of Python and Bash scripts, as well as the creation of system-level instructions in SKILL.md.
  4. Sanitization: There is no guidance provided for sanitizing or validating user input before it is incorporated into the body of the generated skill files.
Audit Metadata