company-creator

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to clone and read content from untrusted external repositories (READMEs, configuration files, and existing skills) to guide its package creation process.
      1. Ingestion points: Content is read from cloned repositories including README, package.json, and agent configurations as specified in references/from-repo-guide.md.
      2. Boundary markers: No delimiters or explicit instructions are provided to the agent to ignore potentially malicious content within the analyzed files.
      3. Capability inventory: The skill has the ability to write files to the filesystem and execute commands like git ls-remote.
      4. Sanitization: There is no evidence of sanitization or validation of the content fetched from external repositories.
  • [COMMAND_EXECUTION]: The skill executes the git ls-remote command to retrieve metadata from user-provided repository URLs.
  • [EXTERNAL_DOWNLOADS]: The skill clones repositories from external URLs to analyze their structure and contents for company package generation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 07:32 PM