agent-creator
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the official sub-agent specification from 'https://docs.openhands.dev/sdk/guides/agent-file-based'. This is a trusted vendor resource used to ensure generated agents adhere to the latest SDK requirements.
- [COMMAND_EXECUTION]: The skill performs file system write operations to save generated agent files into specific project or user directories (e.g., '.agents/agents/'). This functionality is the primary intended purpose of the skill.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8) as it processes untrusted user input and external documentation to generate system prompts for new agents.
- Ingestion points: User responses during the requirements interview; external documentation fetched from 'docs.openhands.dev'.
- Boundary markers: The skill lacks explicit boundary markers for the generated content, though it requires multiple explicit human-in-the-loop confirmations before finalization.
- Capability inventory: Writing files to the local system.
- Sanitization: No explicit sanitization or filtering of input data is defined in the workflow instructions.
Audit Metadata