create-skill
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Category: PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest data from workspace/goal.md and workspace/research.md and transform it into new 'Skills' that the agent will treat as authoritative instructions.
- Ingestion points: Data enters from the workspace directory, which typically contains untrusted or attacker-influenced content.
- Boundary markers: Absent. The workflow does not specify the use of delimiters or 'ignore' instructions when processing the input files.
- Capability inventory: The skill writes new instructions to the .sop-engine/skills/ directory, which modifies the agent's long-term behavior and capabilities.
- Sanitization: Absent. There is no validation or escaping of input content before it is used to define the logic of the generated skills. An attacker could inject malicious instructions into the goal file that would then be saved as a persistent skill.
Recommendations
- AI detected serious security threats
Audit Metadata