creating-skill
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): Significant surface for Indirect Prompt Injection. The skill is designed to take untrusted user requests and turn them into structured expertise, including scripts and packaging logic.
- Ingestion points: User requests to 'create/update skills' or 'extend capabilities' (SKILL.md).
- Boundary markers: Absent. No instructions are provided to the agent to delimit or sanitize user-originated text before placing it into scripts or instructions.
- Capability inventory: Shell access (mkdir, zip, git), file creation, and provisioning download links via computer:/// (SKILL.md).
- Sanitization: None. There is no requirement to validate the safety of user-requested scripts or logic.
- [COMMAND_EXECUTION] (MEDIUM): The skill provides explicit command-line templates for the agent to manage the local file system and package data.
- Evidence: SKILL.md line 35 (mkdir -p), line 172 (zip -r), line 179 (unzip -l), and line 196 (git init). While these are common for skill development, they represent a risk if the skill-name variable or file content is influenced by a malicious prompt.
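Both findings above come down to one missing control: the skill-name value that reaches mkdir -p, zip -r and git init is taken from the prompt with no boundary marker and no sanitization. The script below is an added example, not code from the audited skill or from Gen Agent Trust Hub, showing one way an agent-side packaging helper could gate that value before any command runs. The allowlist policy (1 to 64 lowercase letters, digits and hyphens, starting with a letter) and the function names validate_skill_name and package_skill are assumptions chosen for the example; the skill's own SKILL.md templates are not reproduced here.

```shell
#!/bin/sh
# Added example: not part of the audited skill. Gates a prompt-derived
# skill name before it reaches mkdir/zip/git, so a value such as
# "../etc", "--version" or "x; rm -rf ~" is rejected instead of executed.
LC_ALL=C; export LC_ALL   # make [a-z] a plain ASCII range regardless of locale

# validate_skill_name NAME -> returns 0 if NAME is safe, 1 otherwise.
# Policy (an assumption for this example): 1-64 characters, lowercase
# letters, digits and hyphens only, and the first character is a letter.
validate_skill_name() {
  _sn=$1
  case "$_sn" in
    '')            return 1 ;;   # empty name
    -*)            return 1 ;;   # would be parsed as an option by mkdir/zip/git
    *[!a-z0-9-]*)  return 1 ;;   # '/', '.', ' ', ';', '$', newline, uppercase: all rejected
    [!a-z]*)       return 1 ;;   # must start with a letter
  esac
  [ "${#_sn}" -le 64 ]
}

# package_skill WORKDIR NAME -> creates WORKDIR/NAME/SKILL.md and archives it.
# The name is passed to the file-system commands only after validation, and
# "--" ends option parsing for mkdir so the name can never be read as a flag.
package_skill() {
  _wd=$1
  _name=$2
  if ! validate_skill_name "$_name"; then
    printf 'refusing unsafe skill name: %s\n' "$_name" >&2
    return 1
  fi
  mkdir -p -- "$_wd/$_name" || return 1
  printf '# %s\n' "$_name" > "$_wd/$_name/SKILL.md" || return 1
  if command -v zip >/dev/null 2>&1; then
    # zip -r is the packaging step named in the audited SKILL.md
    (cd "$_wd" && zip -qr "$_name.zip" "$_name")
  else
    # tar is used only so the example also runs on hosts without zip
    tar -cf "$_wd/$_name.tar" -C "$_wd" "$_name"
  fi
}

# Stand-alone usage: package one good name, then show a hostile one refused.
if [ "${1:-}" = "demo" ]; then
  d=$(mktemp -d)
  package_skill "$d" pdf-tools && echo "packaged $d/pdf-tools"
  package_skill "$d" '../escape' || echo "rejected as expected"
  rm -rf "$d"
fi
```

The check is deliberately an allowlist rather than a blocklist of shell metacharacters: with a closed character set, a name containing a path separator, an option prefix, whitespace or a newline never reaches mkdir, zip or git at all, which is the boundary the audit says SKILL.md does not define.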
Recommendations
- AI detected serious security threats
Audit Metadata