skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill instructs the agent to use shell commands like `cat` and `echo` within `resources/component-extraction.md` for managing state and writing output files. These represent functional capabilities that interact with the local environment for session persistence.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its core function of processing untrusted external documents.
  - Ingestion points: External content is ingested via the `Read("$SOURCE_DOC")` operation in `resources/component-extraction.md`.
  - Boundary markers: The skill uses markdown headers but lacks strict escaping or "ignore instructions" delimiters for the content extracted from `$SOURCE_DOC`, which could allow malicious instructions in the source document to hijack the agent's flow.
  - Capability inventory: The agent has permission to read/write files and execute shell commands within its environment.
  - Sanitization: No sanitization or verification of the ingested document content is performed before it is written to the session workspace.
Audit Metadata