skill-creator

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The documentation describes the use of established development tools and utilities. Examples in references/hooks.md and references/mcp.md illustrate the use of npx to execute formatters like prettier and official MCP servers from the @modelcontextprotocol organization. Additionally, references/ralph-loop.md provides instructions for installing the official ralph-loop plugin.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface in its initialization logic.
    • Ingestion points: The scripts/init_skill.py script accepts a <skill-name> argument from the command line.
    • Boundary markers: The generated templates do not include explicit delimiters or instructions to ignore embedded commands.
    • Capability inventory: The skill performs file system operations including directory creation and file writing via scripts/init_skill.py, and file reading and ZIP archiving via scripts/package_skill.py.
    • Sanitization: The user-provided skill name is interpolated directly into templates using Python's .format() method without sanitization of the input content.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 01:58 AM