create-skill
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill generates new agent instructions (SKILL.md files) based on conversational user input, which creates a surface for indirect prompt injection where malicious instructions could be saved as persistent agent behaviors.
  * Ingestion points: User input during the conversational skill creation process (Step 1).
  * Boundary markers: Absent; the instructions do not require the agent to sanitize or wrap user input in protective delimiters within the generated files.
  * Capability inventory: File writing to project-level and global configuration directories.
  * Sanitization: No sanitization or validation of user-provided content is performed before file creation.
- [COMMAND_EXECUTION]: The skill directs the agent to perform filesystem write operations to specific paths, including global configuration directories (~/.claude/skills/). While this is the intended purpose of the skill, it functions as a persistence mechanism that modifies agent behavior across sessions.
Audit Metadata