ask-skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection vulnerability surface because it is designed to autonomously generate new skill files and update documentation based on untrusted user input.
  - Ingestion points: User requests defining the purpose, name, and instructions for a new skill are ingested as context for the agent's file generation tasks.
  - Boundary markers: The protocol lacks explicit delimiters or specific instructions to sanitize user input or prevent the agent from executing instructions that may be embedded within the provided skill description.
  - Capability inventory: The skill directs the agent to perform file system operations, including creating new directories and writing files (SKILL.md, skill.yaml, README.md), as well as modifying the repository's root README.md.
  - Sanitization: While naming conventions restrict the skill name to a safe character set (kebab-case), the content of the generated files is not validated, potentially allowing for the propagation of malicious instructions into the repository.
- [COMMAND_EXECUTION]: The documentation references a command-line tool named `ask` for administrative functions such as creating, copying, and syncing skills, which implies the execution of local system commands to manage the repository environment.
Audit Metadata