skill-builder

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The run_tests.js.tpl template, which is used to generate the test runner for new skills, utilizes child_process.execSync to execute JavaScript files found within the tests/ directory.
  • [EXTERNAL_DOWNLOADS]: The standardized development process outlined in SKILL.md mandates the implementation of install and update commands that perform remote package downloads and installations (e.g., npm install, pip install).
  • [PROMPT_INJECTION]: As a code and documentation generator, the skill exhibits an indirect prompt injection surface (Category 8):
      • Ingestion points: User-provided functional descriptions, names, and design logic entering via natural language interaction during Phase 1-3.
      • Boundary markers: The generated SKILL.md.tpl and design-doc.md.tpl templates do not implement specific delimiters to isolate user-provided content from agent instructions.
      • Capability inventory: scaffold.js has file system write access (fs.writeFileSync), and the generated test environment has shell execution capabilities (execSync).
      • Sanitization: While the skill name is validated against a regex (NAME_RE), other descriptive inputs used in template rendering are interpolated without sanitization.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 07:33 PM