skill-creator
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/init_skill.py` generates an executable boilerplate script (`example.py`) by injecting the user-supplied `skill_name` directly into a Python template via string formatting. This lack of sanitization allows for arbitrary code injection into the generated file if a malicious skill name is used.
- [COMMAND_EXECUTION]: The `scripts/init_skill.py` script programmatically modifies file permissions to executable (`chmod 755`) for the boilerplate script it generates.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes user-provided skill files during validation and packaging.
  - Ingestion points: `scripts/quick_validate.py` and `scripts/package_skill.py` read and parse `SKILL.md` and other directory contents.
  - Boundary markers: The skill does not use protective delimiters or specific instructions to ignore embedded prompts within the files it processes.
  - Capability inventory: The toolset has the capability to create directories, write files, modify permissions, and create ZIP archives.
  - Sanitization: Validation is limited to regex-based format checks for specific metadata fields and does not include sanitization of the file bodies.
- [COMMAND_EXECUTION]: The scripts `scripts/init_skill.py` and `scripts/package_skill.py` accept arbitrary file paths from command-line arguments and perform file system operations (read, write, mkdir) at those locations without strict path validation or restriction.