company-creator
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to clone external git repositories provided by the user via URL or path to analyze their structure and content.\n- [COMMAND_EXECUTION]: The skill uses system shell commands including
git cloneandgit ls-remoteto interact with external version control systems during the repository analysis phase.\n- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes untrusted data from external repositories (such as README files, source code, and existing skill configurations) and uses this content to generate instructions for new agents.\n - Ingestion points:
SKILL.md(Step 1: 'Clone/read the repo'),references/from-repo-guide.md('Analyze the repo').\n - Boundary markers: Absent; the instructions do not specify using delimiters or 'ignore embedded instructions' warnings when processing external repository content.\n
- Capability inventory: The skill uses
gitcommands and performs file system write operations to scaffold the company package. The generated agents may have access to various capabilities depending on the scaffolding.\n - Sanitization: Absent; the skill is directed to 'adapt' and 'preserve the intent' of discovered configurations without explicit sanitization or filtering of the input content.
Audit Metadata