skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The `scripts/validate_skill.py` script fetches the `skills-ref` package from a remote Git repository (github.com/agentskills/agentskills.git) using the `uv` package manager.
- [REMOTE_CODE_EXECUTION]: The validation process relies on executing code downloaded directly from a GitHub repository via `uv run`, which introduces a dependency on the integrity of the remote source.
- [COMMAND_EXECUTION]: The initialization script `scripts/init_skill.py` uses `chmod(0o755)` to set executable permissions on the newly created `scripts/example.py` file.
- [COMMAND_EXECUTION]: The skill frontmatter suggests enabling broad tool permissions, specifically for `Bash(python3:*)` and `Bash(uv:*)`, which allows the agent to execute Python scripts and manage packages.
- [PROMPT_INJECTION]: The skill provides an interface for generating new system instructions from user-provided input, creating a surface for indirect prompt injection.
  - Ingestion points: User input provided to define the `name` and `description` fields in the generated `SKILL.md` file.
  - Boundary markers: None; the skill directly interpolates user input into the template file without instruction wrappers or safety markers.
  - Capability inventory: The skill utilizes `Write`, `Edit`, and `Bash` tools to manage and execute content on the local filesystem.
  - Sanitization: No input validation or character escaping is performed on the user-provided strings before they are written to disk.
Audit Metadata