skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a scoped Bash tool to execute local initialization and validation scripts ('init_skill.py' and 'quick_validate.py'). These scripts manage file system operations such as directory creation and skill-specific file writing within designated workspace paths.
- [EXTERNAL_DOWNLOADS]: The validation script manages the 'pyyaml' dependency via 'uv'. This is a well-known, trusted library used for secure YAML parsing, and the reference is documented neutrally as a safe operational requirement.
- [PROMPT_INJECTION]: The skill acts as a generator for new 'SKILL.md' files, creating a surface for indirect prompt injection where user-supplied content is interpolated into templates.
  - Ingestion points: User-provided command-line arguments (skill name and project) passed to the 'init_skill.py' script.
  - Boundary markers: The generated skill template lacks explicit boundary markers or instructions to the agent to disregard instructions embedded within the user-provided 'description' or 'TODO' fields.
  - Capability inventory: The skill possesses 'Write' and 'Bash' capabilities, allowing it to commit generated content to the file system.
  - Sanitization: 'init_skill.py' enforces hyphen-case naming conventions for skill names, and 'quick_validate.py' checks for angle brackets in descriptions to prevent certain injection patterns.