create-stateful-skill

Warn

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script (scaffold.py) via the Bash tool in Phase 2. The command interpolation uses user-supplied variables [requested-name] and [short-description]. While the evals.json file includes a test case for preventing script injection, the SKILL.md instructions do not explicitly mandate sanitization or validation of these inputs before they are passed to the shell.
  • [REMOTE_CODE_EXECUTION]: The skill's architecture is built on numerous files in the references/patterns/ directory that contain relative paths pointing significantly outside the skill's own root directory (e.g., ../../../../../agent-skill-open-specifications/...). This indicates a dependency on a specific external repository structure, and the agent will attempt to load and execute logic from these unverifiable external paths.
  • [DATA_EXFILTRATION]: While no direct network tools are listed in allowed-tools, the inclusion of the Bash tool enables the possibility of data exfiltration if the environment allows outgoing connections, particularly if the user-supplied inputs for the scaffolding process are exploited for command injection.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 3, 2026, 06:08 PM