building-skills
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION | REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill implements a restricted tool policy by allowing the Bash tool only for the mkdir operation, which minimizes the risk of arbitrary command execution.
- [EXTERNAL_DOWNLOADS]: The WebFetch tool is enabled to allow the research agent to collect information from external web resources when investigating skill patterns or domain knowledge.
- [PROMPT_INJECTION]: The skill's architecture creates an indirect prompt injection surface by passing user-supplied specifications to secondary agents.
  - Ingestion points: User-provided descriptions or specification files are ingested through the $ARGUMENTS variable.
  - Boundary markers: There are no defined delimiters or 'ignore' instructions used when interpolating these specifications into the prompts for research and drafting agents.
  - Capability inventory: The skill has the capability to write files (Write, MultiEdit), fetch web content (WebFetch), and spawn additional agents (Task).
  - Sanitization: The skill does not perform any validation or sanitization of user-provided specifications before passing them to the task agents.
- [REMOTE_CODE_EXECUTION]: The reference documentation in references/format-spec.md describes the !command syntax, a platform feature that allows shell commands to be executed automatically when a skill is loaded by the agent.
Audit Metadata