tool-creator

Warn

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill's instructions guide the agent to apply execution permissions (chmod 755) to dynamically created script files using the Bash tool.
  • [REMOTE_CODE_EXECUTION]: The skill generates and writes executable .cjs files by interpolating a user-provided implementation string into a template. This allows for the persistent storage and subsequent execution of arbitrary code within the framework's tools directory.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by ingesting an implementation argument without sanitization or validation before writing it to an executable file.
      • Ingestion points: The implementation parameter in the createTool function within scripts/main.cjs and the args.implementation defined in SKILL.md.
      • Boundary markers: No explicit delimiters, escaping, or guardrail instructions are used when interpolating the implementation string into the JavaScript template.
      • Capability inventory: The skill utilizes Write and Bash capabilities to create and authorize executable tools.
      • Sanitization: The skill lacks code-level validation or sanitization for the provided implementation string.
  • [REMOTE_CODE_EXECUTION]: The skill references local utility scripts (e.g., .claude/lib/creator-commons.cjs) for integration and validation. These scripts are external to the analyzed skill package, so their specific logic is unverifiable in this context.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 7, 2026, 12:38 AM