cc-skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill processes untrusted data when evaluating external skills provided by the user (Step 3: 'Read the Target Skill'). This presents a surface for indirect prompt injection where instructions hidden in the evaluated file could attempt to hijack the agent's logic. However, the risk is mitigated by a mandatory human-in-the-loop requirement ('Wait for User Permission') that prevents any automated modifications or follow-up actions without explicit user approval.
- [Data Exposure & Exfiltration] (SAFE): The skill suggests a default installation path within .claude/skills and interacts only with the files relevant to the skill creation process. There are no patterns indicating access to sensitive system files (e.g., SSH keys, environment variables) or network calls to exfiltrate data.
- [Command Execution] (SAFE): The skill documentation mentions supporting scripts (Bash, Python, JavaScript) within the 'scripts/' directory of created skills. However, the skill creator itself does not execute these scripts or any arbitrary shell commands; it only scaffolds the directory structure and files based on user input.
- [Metadata Poisoning] (SAFE): The metadata fields (name, description, author) are used conventionally and do not contain deceptive instructions or injection attempts.
Audit Metadata