create-skill

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses user input ($ARGUMENTS) in the command mkdir -p .claude/skills/$ARGUMENTS. While the Bash tool is restricted to mkdir, this pattern is vulnerable to path traversal (e.g., ../../) if the input is not strictly validated, potentially allowing directory creation in unauthorized locations.
  • [COMMAND_EXECUTION]: The Write tool is used to create files at paths derived from user input (.claude/skills/$ARGUMENTS/SKILL.md). This allows for potential path traversal, which could lead to writing files outside the intended skill directory if the kebab-case naming convention is not enforced.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 04:21 AM