skill-creator
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides Python snippets to create directories and write files to the instances directory based on user-provided skill names.
- [COMMAND_EXECUTION]: The skill programmatically updates the skill_registry.yaml file to enable and register new skills within the system.
- [EXTERNAL_DOWNLOADS]: The skill guides the agent to install external Python packages and system dependencies using pip and other package managers.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface. 1. Ingestion points: User-provided skill descriptions, workflow captures, and task instructions. 2. Boundary markers: Absent; user content is directly interpolated into the SKILL.md template. 3. Capability inventory: File system write access, directory management, and configuration registry modification. 4. Sanitization: Absent; the provided scripts do not validate or sanitize user input before persistence.
Audit Metadata