Skills
skills/rubenpenap/skills/skill-creator/Gen Agent Trust Hub

skill-creator

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill executes git config user.name and git config user.email in SKILL.md to extract the user's identity information for use in skill metadata.
  • [COMMAND_EXECUTION]: The skill performs significant file system modifications, including creating directories (mkdir) and installing skills globally by creating symbolic links (ln -sf) in the user's home directory (e.g., ~/.copilot/skills/ and ~/.claude/skills/).
  • [PROMPT_INJECTION]: The skill uses sed to interpolate unvalidated user input (the skill description) directly into shell commands. This creates a potential command injection surface if the input contains shell metacharacters or sed delimiters.
  • [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by ingesting untrusted user input during Phase 1 and Phase 2, which is then written into generated SKILL.md files without sanitization or boundary markers.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 10, 2026, 03:21 PM