skill-creator
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Prompt Injection] (MEDIUM): The file 'references/persuasion-principles.md' provides a detailed framework for using psychological triggers like 'Authority', 'Commitment', and 'Scarcity' to force AI compliance. It advocates for the use of absolute imperatives ('YOU MUST', 'No exceptions', 'Delete it. Start over.') specifically designed to eliminate an agent's internal rationalization or deviation. These techniques are characteristic of instruction-override attacks and prompt injections.
- [Command Execution] (MEDIUM): The skill guides the agent through a process of generating and executing code based on external input, creating a vulnerability to indirect injection.
  - Ingestion points: User input in 'Step 1' regarding usage scenarios and triggering conditions.
  - Boundary markers: Absent; the skill does not instruct on the use of delimiters or 'ignore embedded instructions' warnings for user data.
  - Capability inventory: File system access and shell execution (zip packaging) in 'Step 5', plus arbitrary Python/Bash script execution via the 'scripts/' directory.
  - Sanitization: Absent; the guide focuses on achieving compliance with user scenarios ('GREEN' state) without mentioning input validation or sanitization of the scripts or triggers.