skill-creator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [Prompt Injection] (HIGH): Indirect Prompt Injection Surface. The skill is designed to ingest external content (e.g., API documentation) and transform it into skill artifacts, including executable scripts.
  * Ingestion points: User-provided documentation, text, or URLs referenced in the inputs and usage examples (e.g., 'API 文档').
  * Boundary markers: None specified in the SKILL.md to delimit untrusted data.
  * Capability inventory: The skill is capable of generating 'scripts/', 'SKILL.md', and 'references/' files based on the input.
  * Sanitization: There is no evidence of sanitization or filtering for instructions embedded within the processed external content.
- [Command Execution] (MEDIUM): Local execution path in metadata. The 'verification' field specifies running 'node .claude/scripts/sfc_lint.mjs'. While intended for linting, this defines a path for local code execution within the agent's environment.
Recommendations
- AI detected serious security threats