skill-creator-ms

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill acts as a meta-guide for creating other skills. It prioritizes security by enforcing the use of DefaultAzureCredential and managed identities instead of hardcoded secrets. It also establishes clear structural templates that minimize ambiguity in agent behavior.
  • [COMMAND_EXECUTION]: The skill instructs the agent to perform local development tasks such as creating symlinks (ln -s), changing directories (cd), and running local build/test commands (pnpm harness, npx tsx). These operations are consistent with the intended use case of skill development and maintenance within a local repository.
  • [EXTERNAL_DOWNLOADS]: The skill describes the installation of official Azure SDK packages and development tools from trusted registries (PyPI, NPM). It links to official Microsoft Learn documentation and GitHub repositories, following the neutral tone required for well-known services.
  • [PROMPT_INJECTION]: The skill incorporates a workflow for processing user-provided documentation to generate new instructions, which represents an indirect prompt injection surface.
    • Ingestion points: The user provides SDK package names and documentation URLs in the 'Gather SDK Context' step.
    • Boundary markers: The guide enforces strict structural requirements for generated SKILL.md files.
    • Capability inventory: Resulting skills can interact with the file system and execute build tools.
    • Sanitization: The guide mandates that agents verify all patterns against official docs via the microsoft-docs tool to prevent reliance on potentially malicious or outdated user-provided input.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 02:10 PM