skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- PROMPT_INJECTION (SAFE): No evidence of instructions attempting to bypass safety filters, override system prompts, or disregard previous instructions.
- DATA_EXFILTRATION (SAFE): The skill does not contain any network operations (curl, wget, fetch) or access to sensitive local files (secrets, credentials, SSH keys).
- REMOTE_CODE_EXECUTION (SAFE): No remote scripts are downloaded or executed. The skill only provides static text templates and examples.
- COMMAND_EXECUTION (LOW): While the documentation includes examples of filesystem commands like
mkdirandtouch, these are intended for documentation structure and are not executed by the skill itself in a malicious context. - INDIRECT_PROMPT_INJECTION (INFO): The skill processes user-provided descriptions to generate templates. While the output could potentially contain user-provided text, the skill does not execute the generated content or provide high-privilege capabilities that would make this an active vulnerability.
Audit Metadata