coze-skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-provided descriptions and JSON configurations to generate executable Python scripts and markdown files. An attacker providing a malicious configuration could inject code or misleading instructions into the generated artifacts.
  - Ingestion points: Demand descriptions and JSON configuration files processed by `scripts/generate_skill.py`.
  - Boundary markers: No explicit delimiters are used in the templates (e.g., `python-script.py`) to separate generated content from user input.
  - Capability inventory: Writing files to the file system via `scripts/generate_skill.py`.
  - Sanitization: Regex validation in `assets/templates/schema.json` limits function names to valid Python identifiers, but no sanitization is applied to `system` commands, `assets` content, or `references` content.
- [COMMAND_EXECUTION]: The supported configuration schema allows users to define `system` dependencies, which translate directly to shell commands in the generated skill's documentation and setup instructions. This enables the creation of skills that perform arbitrary command execution during initialization.
Audit Metadata