create-skill
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script
scripts/scaffold.pyusing theBashtool to automate the creation of project structures and boilerplate code. - [EXTERNAL_DOWNLOADS]: Generated templates for
README.mdinclude instructions for users to download and install Python dependencies viapip, which is standard behavior for development-oriented skills. - [PROMPT_INJECTION]: The
SKILL.mdcontains detailed instructions that define the agent's role as an 'Agent Skill Architect' and mandate specific interaction patterns, such as the 'Negative Instruction Constraint', to control model behavior during the design process. - [INDIRECT_PROMPT_INJECTION]: The skill represents an indirect injection surface because it ingests untrusted user data (such as skill descriptions) and interpolates them into generated markdown and script files.
- Ingestion points: User-provided
--name,--desc, and--patharguments. - Boundary markers: Generated files use YAML frontmatter and Markdown headers to delimit sections.
- Capability inventory: The skill utilizes
Bashfor command execution andWritefor file system modifications. - Sanitization: The
nameparameter is sanitized via regex (^[a-z0-9-]+$) inscaffold.py, although thedescriptionis directly formatted into templates without escaping.
Audit Metadata