command-creator
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a scaffolding tool that creates Markdown command definitions in the local .opencode/commands/ directory.
- [COMMAND_EXECUTION]: Provides documentation for manual verification using standard shell utilities (find) and Python for YAML validation.
- [PROMPT_INJECTION]: Creates a surface for indirect prompt injection, because user-supplied command metadata is written into the command instructions; however, this is an inherent part of the tool's scaffolding purpose.
  1. Ingestion: command name and description
  2. Boundary markers: YAML frontmatter
  3. Capability inventory: writes Markdown files to the local filesystem
  4. Sanitization: suggests manual verification and safe YAML loading