skill-creator-anthropic
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses metadata poisoning by claiming 'Anthropic' as the author in the SKILL.md frontmatter, whereas the actual vendor is identified as 'lawvable'. This impersonation is a deceptive practice that may lead users or other AI agents to grant undue authority to the skill's instructions based on a false identity.
- [COMMAND_EXECUTION]: The script
scripts/init_skill.pyperforms active file system operations, including creating new directories and writing executable files based on user-provided names and paths. It specifically sets execution permissions (chmod 0o755) on generated Python scripts. While standard for development tools, these capabilities provide a mechanism for local system manipulation that could be exploited if malicious inputs are processed.
Audit Metadata