skill-author
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill is authorized to perform filesystem operations, specifically creating and updating files within the
skills/directory and associated subfolders (references/,assets/,scripts/). This behavior is directly aligned with its stated purpose of repository maintenance and skill drafting. - [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it processes untrusted user data to generate instructions for other skills.
- Ingestion points: User-provided prompts, existing draft files, repository documentation (
README.md), and potentially screenshots. - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' headers when interpolating user content into generated skill files.
- Capability inventory: File system write access to the
skills/directory and its sub-resources. - Sanitization: There are no explicit mechanisms described for sanitizing or validating user-provided prompts before they are written into persistent skill files.
Audit Metadata