template-creator

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The helper script scripts/main.cjs is vulnerable to directory traversal because it does not sanitize the category input before using it in path.join() to determine the output directory. This could be exploited to write files to arbitrary locations within the filesystem if an attacker influences the skill input.
  • [EXTERNAL_DOWNLOADS]: The skill requires research from external sites including arXiv and Exa to inform template design, which involves remote data fetching via WebFetch and search tools.
  • [PROMPT_INJECTION]: The skill documentation recognizes prompt injection risks and explicitly mandates sanitization of placeholders in spawn templates (SEC-TC-001) to prevent user-provided content from overriding agent instructions.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 6, 2026, 09:19 AM