create-command
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Categories flagged: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the creation of commands that execute shell scripts (e.g., git, npm, node). It emphasizes security by documenting how to scope tool permissions using `allowed-tools: Bash(cmd:*)` and providing patterns for validating user arguments before shell execution to prevent command injection.
- [REMOTE_CODE_EXECUTION]: The skill includes templates for generating Python and Node.js execution scripts. It also describes a design pattern for fetching the latest API specifications from remote repositories (e.g., GitHub) at runtime using the `WebFetch` tool to ensure context freshness and accuracy.
- [PROMPT_INJECTION]: The skill incorporates a robust evaluation suite that includes negative test cases specifically designed to detect and prevent command injection attempts through maliciously crafted command names or arguments, such as directory traversal or destructive command sequences.
- [SAFE]: Extensive security-focused design patterns are provided, including XSS compliance gates for generated HTML artifacts and sandboxing constraints for client-side compute tasks. These patterns demonstrate a proactive approach to preventing common AI agent security risks and teaching users safe development practices.
Audit Metadata