skill-creator
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several local Python scripts and shell commands (e.g., generate_review.py, aggregate_benchmark, run_loop.py, nohup, kill) to manage the lifecycle of skill creation and evaluation.
- [COMMAND_EXECUTION]: It accesses the agent's internal trajectory data at ~/.claude/projects/ to generate test cases from previous sessions.
- [PROMPT_INJECTION]: The skill instructs the agent to intentionally influence model behavior by creating 'pushy' skill descriptions to increase triggering frequency.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing untrusted data from trajectory logs and user feedback to generate instructions.
  - Ingestion points: Reads failed_trajectories.jsonl, trajectory_samples.jsonl, and feedback.json to inform skill modifications.
  - Boundary markers: Includes a 'Principle of Lack of Surprise' and guidelines against creating malicious content to mitigate risks.
  - Capability inventory: The skill has significant capabilities including file system access, shell command execution, and subagent orchestration.
  - Sanitization: No explicit technical sanitization or validation of the ingested trajectory or feedback data is mentioned.
Audit Metadata