project-skill-writer
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a Python script (scripts/init_skill.py) to automate the generation of skill files and directories. This script constructs filesystem paths directly from user-provided or inferred input, which could potentially lead to path traversal if not properly constrained by the calling agent.
  - Evidence: In scripts/init_skill.py, the target_dir is created using pathlib.Path(args.output_root).resolve() / mapping["SKILL_NAME"], where the skill name can be derived from the user-provided problem description.
- [PROMPT_INJECTION]: The skill is designed to process and analyze untrusted data, including arbitrary project files and user-defined problem statements, to generate instructions for new AI skills. This creates an attack surface for indirect prompt injection.
  - Ingestion points: agents/project-scanner.md and agents/convention-detector.md are instructed to read and analyze project files recursively; SKILL.md takes user problem descriptions as input for skill design.
  - Boundary markers: SKILL.md (L4: Validation) explicitly requires the agent to present the design to the user and wait for confirmation before generating any files.
  - Capability inventory: The agent has the capability to write files to the workspace and define new behaviors for the AI system.
  - Sanitization: The scripts/init_skill.py helper script includes basic filtering of common words but lacks robust sanitization to prevent the injection of malicious instructions or YAML frontmatter into the generated skill files.
Audit Metadata