rule-creator
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill mandates the execution of local shell commands, specifically 'pnpm index-rules' and 'node .claude/tools/cli/validate-integration.cjs', to maintain the project's rule catalog and ensure consistent integration of new artifacts.
- [EXTERNAL_DOWNLOADS]: The skill initiates network requests to well-known services including Exa and arXiv to research best practices and academic papers for rule implementation patterns.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by saving untrusted user content into rules that are automatically loaded into the agent's context.
  - Ingestion points: Data enters through the 'args.content' parameter in the skill definition and the main execution script.
  - Boundary markers: No markdown delimiters or 'ignore' instructions are used to wrap the user-provided rule content when writing to the filesystem.
  - Capability inventory: The skill has the capability to write files to the '.claude/rules/' directory and execute local shell commands for indexing.
  - Sanitization: No sanitization or validation of the rule content is performed to prevent the inclusion of malicious or overriding instructions.
Audit Metadata