skill-creator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to read and modify existing SKILL.md files, which may contain malicious instructions. Ingestion points: untrusted content is read from local SKILL.md files during the 'Update' and 'Validate' workflows. Boundary markers: absent; there are no instructions telling the agent to treat file content as data rather than as instructions. Capability inventory: the skill uses high-privilege tools including Bash, Write, Edit, and Glob. Sanitization: absent; the content of processed files is not validated or sanitized before the agent acts on it.
- [Command Execution] (MEDIUM): The skill relies on 'uv run' and 'Bash' to execute local Python scripts, which could be leveraged as an attack vector if the agent's logic is subverted through an indirect prompt injection.
Recommendations
- AI detected serious security threats
Audit Metadata