create-command
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
- Ingestion points: User-provided
<command-name>and<description>are used to construct the content of new markdown files in the local filesystem. - Boundary markers: The skill does not implement delimiters or instructions for the agent to ignore content within the generated files.
- Capability inventory: The skill utilizes file-writing capabilities to create files in
.cursor/commands/and.claude/commands/trellis/. - Sanitization: No validation or escaping is applied to the user-supplied description before it is written to the markdown files, which could allow a user to inject malicious instructions that are interpreted by the agent during future command execution.
Audit Metadata