dev-skill-create
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes several Python scripts (`init_skill.py`, `package_skill.py`, `quick_validate.py`) that are intended to be executed by the agent to perform local file system operations, such as creating directories, writing files, and generating archives. These scripts use standard library modules like `pathlib` and `zipfile` for these operations.
- [PROMPT_INJECTION]: The skill functions as a template generator that ingests user-provided metadata (name, description, path) to create new skill modules, which represents a surface for indirect prompt injection.
- Ingestion points: User input provided as command-line arguments to `init_skill.py` and descriptive text for `SKILL.md` templates.
- Boundary markers: The generated files use standard YAML and Markdown delimiters; however, they do not include specific instructions to ignore malicious content within the interpolated descriptions.
- Capability inventory: The provided scripts allow for file creation, directory management, permission modification (`chmod 0o755` for new scripts), and ZIP packaging.
- Sanitization: The `init_skill.py` script validates skill names against a strict hyphen-case regex (`^[a-z0-9-]+$`) to prevent directory traversal or malformed identifiers. Additionally, `quick_validate.py` utilizes `yaml.safe_load()` to ensure secure parsing of frontmatter.
Audit Metadata