create-hook

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute a local Python script (scripts/scaffold.py) that handles the file system operations and template rendering.
  • [REMOTE_CODE_EXECUTION]: The scaffold.py script generates executable Python files (execute.py) by populating templates with user-provided strings. The create_skill function uses Python's .format() method to insert the description variable into the execute.py.jinja template without escaping. A malformed or malicious description could therefore inject arbitrary code into the generated script, and that code would run if a user executes the script.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface.
      • Ingestion points: User input for name and description in SKILL.md.
      • Boundary markers: None present in templates like SKILL.md.jinja or agent.md.jinja.
      • Capability inventory: The generated skills typically include Bash, Read, and Write capabilities.
      • Sanitization: Name validation via regex ^[a-z0-9-]+$ is present, but description is not sanitized.
  • [SAFE]: The skill performs regex-based name validation to prevent path traversal. It does not perform network operations or hardcode credentials.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 08:59 AM