agent-creator

Fail

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/main.cjs modifies local .cjs routing files by injecting the name and description variables directly into JavaScript code strings. Because these variables are not sanitized for JavaScript control characters such as single quotes, an attacker could potentially inject arbitrary code that executes when the routing tables are loaded by the system.
  • [COMMAND_EXECUTION]: The skill uses node:child_process.spawnSync to execute local scripts and utilizes the Bash tool extensively for file manipulation and updating the project's routing infrastructure.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. Ingestion points: WebFetch operations from bls.gov and mymajors.com in SKILL.md. Boundary markers: a 'Security Review Gate' (Step 2.5) is present but is not programmatically enforced. Capability inventory: the Bash, Write, Edit, and Task tools. Sanitization: relies on manual AI instructions for scanning rather than code-level validation.
  • [DATA_EXFILTRATION]: The skill performs extensive read and write operations within the sensitive .claude/ directory, including routing tables (routing-table-intent-keywords.cjs) and memory files, which contain core operational logic and project metadata.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 8, 2026, 03:05 PM