create-skill
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted user input to generate file content and executable scripts. This creates a vulnerability where malicious prompts can lead to the creation of skills with dangerous capabilities.
- Ingestion points: User instructions and examples provided during the
/create-skillcommand trigger. - Boundary markers: Absent. The instructions do not define delimiters to separate user input from generated instruction logic.
- Capability inventory: The skill utilizes
Writetool to create files and encourages the creation ofscripts/(executable code) and the use ofBashviaallowed-tools. - Sanitization: Absent. There are no instructions for validating or escaping user-provided examples before including them in the generated skill.
- [Command Execution] (MEDIUM): The skill explicitly instructs the agent to create executable scripts in a
scripts/directory and test them. It also suggests configuring frontmatter to allowBash(git:*)access, which provides a pathway for arbitrary command execution in the resulting skills.
Recommendations
- AI detected serious security threats
Audit Metadata