skill-developer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill utilizes Bash, Write, and Edit tools to create new scripts and modify configuration files (e.g., skill-rules.json). This is appropriate for a developer utility but represents a high level of functional privilege.
- [PROMPT_INJECTION] (LOW): (Indirect) This skill defines an attack surface for indirect prompt injection in downstream skills it creates.
  - Ingestion points: The template in SKILL.md creates Python scripts (e.g., scripts/my_pipeline.py) that ingest external data via command-line arguments using parse_args().
  - Boundary markers: The templates do not implement delimiters or warnings to ignore instructions embedded in the provided arguments.
  - Capability inventory: The generated skills have the capability to execute shell commands (via uv run) and call arbitrary MCP tools (call_mcp_tool).
  - Sanitization: There is no evidence of input validation, escaping, or sanitization in the generated Python code templates before data is passed to the call_mcp_tool function.
- [DYNAMIC_EXECUTION] (LOW): The skill automates the generation of executable Python scripts and Markdown definitions. The templates use local execution patterns (e.g., uv run python) and do not appear to pull or execute untrusted remote code during the creation process.
Audit Metadata