agent-skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill workflow involves taking user descriptions and requirements to generate folder structures and instructions for new skills, which could incorporate malicious prompts if provided by the user.
- Ingestion points: User prompts for creating or improving skills in SKILL.md Step 1 (Understand).
- Boundary markers: Absent; user-provided data is not encapsulated with protective delimiters or instructions to ignore embedded commands during the generation phase.
- Capability inventory: Local script execution for packaging and validation (package_skill.py) and file system manipulation.
- Sanitization: scripts/quick_validate.py implements schema validation, including regex for names and character restrictions for descriptions (blocking angle brackets).
- Unverifiable Dependencies (LOW): SKILL.md refers to an optional scripts/init_skill.py script for scaffolding which is missing from the provided skill folder, making its exact behavior unverifiable.
Audit Metadata