skill-synthesizer
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard Unix utilities including
cat,jq,mkdir,cp,find,bc,grep, andtestto navigate the file system, validate JSON schemas, and construct new skill directories. - [DATA_EXPOSURE]: Accesses local workspace files such as
skill-plan.json,knowledge/*.json, andprocedures.jsonto extract the metadata and content necessary for skill synthesis. - [INDIRECT_PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests data from multiple source files and interpolates them into prompt templates.
- Ingestion points: Data is sourced from
skill-plan.json,knowledge/*.json, andchapters/*/procedures.jsonfiles within the project bundle. - Boundary markers: No explicit delimiters or instructions are used to separate ingested data from the generated instructions in the resulting skill files.
- Capability inventory: The skill can create new file structures and instructions through shell-based file manipulation commands.
- Sanitization: The skill validates that the input plan is approved and follows a specific JSON schema, but does not perform safety sanitization on the semantic content of the procedures or concepts being processed.
Audit Metadata