10-andruia-skill-smith

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill contains explicit instructions to perform file system operations, specifically creating directories and writing 'README.md' files to a hardcoded path: D:\...\antigravity-awesome-skills\skills\. This workflow assumes the agent has the necessary permissions to modify the host filesystem.
  • [PROMPT_INJECTION]: The skill is inherently vulnerable to indirect prompt injection because its core function is to generate new prompts (skills) from untrusted user input.
      • Ingestion points: The 'ADN de la Skill' phase (FASE 1) collects technical names, expert roles, and expected outputs from users.
      • Boundary markers: There are no defined delimiters or instructions to treat user input as untrusted data during the generation phase.
      • Capability inventory: The skill possesses the capability to write to the filesystem and modify a master registry, which could be exploited if a malicious skill is generated.
      • Sanitization: The instructions do not include any logic for sanitizing or validating user input before it is interpolated into the generated skill files.
  • [COMMAND_EXECUTION]: The inclusion of a specific Windows-style directory path (D:\...\antigravity-awesome-skills\skills\) exposes internal naming conventions and directory structures of the local environment.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 1, 2026, 11:28 PM