create-skill
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard shell commands such as mkdir, cp, and git to manage the directory structure and versioning of skills within the personal AI environment.
- [EXTERNAL_DOWNLOADS]: References the official Anthropic skills repository on GitHub (github.com/anthropics/skills) for learning and examples. Anthropic is a well-known and trusted organization.
- [PROMPT_INJECTION]: The skill processes user input to generate new instruction files, creating an attack surface for indirect prompt injection.
  - Ingestion points: User descriptions and logic provided during the skill creation workflow in workflows/create-new.md.
  - Boundary markers: Templates provide structure but do not explicitly wrap user input in delimiters to prevent instructions from being interpreted as commands by the agent when the generated skill is later used.
  - Capability inventory: File creation, directory management, and git operations.
  - Sanitization: No explicit sanitization or validation of user-provided strings is documented in the templates.
Audit Metadata