write-a-skill
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill acts as a template generator for new instructions, creating an indirect prompt injection surface. \n
- Ingestion points: User requirements for new skills are collected during the gathering phase in
SKILL.mdand used to populate new skill files. \n - Boundary markers: The instructions do not specify any boundary markers or delimiters to isolate user-provided content from the skill's logic. \n
- Capability inventory: The skill possesses capabilities to write files to the local system (
/Users/miguel.florido/Projects/skills) and execute Git commands (git commit) based on user-provided names and content. \n - Sanitization: No sanitization or validation of user input is specified before it is written to the filesystem as new skill instructions. \n- [COMMAND_EXECUTION]: The skill directs the agent to interact with the local operating system via the Git command-line interface. \n
- Evidence: Step 5 of the process in
SKILL.mdrequires the agent to execute a commit command with a user-influenced message.
Audit Metadata