commands-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill documents how to execute bash commands using the `!` prefix and lifecycle hooks. While these are intended features of Claude Code, they enable arbitrary command execution on the host system. The documentation includes security guidance on using `allowed-tools` to restrict these capabilities.
- [PROMPT_INJECTION] (LOW): The skill facilitates the creation of commands that process untrusted input via positional arguments ($1, $2) and bash command output. This establishes a surface for indirect prompt injection. Mandatory Evidence Chain:
  1. Ingestion points: Positional arguments and bash output (`references/syntax-and-arguments.md`).
  2. Boundary markers: Absent.
  3. Capability inventory: Bash, Read, and Write tools (`references/frontmatter-reference.md`).
  4. Sanitization: Absent.
Audit Metadata