cp-skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to read and process content from potentially untrusted third-party skill directories, which could contain instructions aimed at manipulating the behavior of the evaluating agent.
  - Ingestion points: The evaluation instructions (SKILL.md) direct the agent to read external SKILL.md files and any related files in the target directory.
  - Boundary markers: There are no explicit delimiters or 'ignore embedded instructions' warnings specified for the ingestion of target skill content.
  - Capability inventory: The agent has the capability to create, structure, and modify files within the local filesystem.
  - Sanitization: The skill mitigates risks by enforcing a strict 'Wait for User Permission' policy (Step 5 of Evaluation), requiring the agent to present findings and receive explicit human approval before applying any suggested changes.
- External Downloads (SAFE): The documentation (references/skills-spec.md) mentions an external GitHub repository (github.com/agentskills/agentskills) and a website (agentskills.io) for validation and documentation. These are informational references for the user and are not automatically accessed or executed by the skill itself.
Audit Metadata