skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local script (scripts/validate-metadata.py) to validate metadata, which is a legitimate part of the skill's authoring workflow and represents intended vendor functionality.
- [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface (Category 8) where user-provided metadata is interpolated into a shell command.
  - Ingestion points: Metadata placeholders name and description within SKILL.md.
  - Boundary markers: The command template employs double quotes to encapsulate inputs.
  - Capability inventory: Execution of a bundled Python script via a subprocess.
  - Sanitization: There is no explicit sanitization or escaping of the input strings performed within the skill instructions before they are passed to the shell.