createos
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection attack surface (Category 8).
- Ingestion points: The skill reads local project files in 'scripts/createos.py' and 'scripts/deploy.sh' for upload, and retrieves remote logs via the 'GetBuildLogs' and 'GetDeploymentLogs' tools from 'api-createos.nodeops.network'.
- Boundary markers: Absent; 'SKILL.md' does not provide instructions or delimiters to ensure the agent ignores potential instructions embedded within the files or logs it processes.
- Capability inventory: The agent can execute provided helper scripts using the 'Bash' tool and has network access via 'requests' (Python) or 'curl' (Bash).
- Sanitization: Absent; the skill does not filter or sanitize ingested data before presenting it to the agent context.
- [COMMAND_EXECUTION]: The deployment scripts 'deploy.sh' and 'quick-deploy.sh' utilize dynamic execution of embedded Python code.
- Evidence: The scripts use the 'python3 - <<'PY'' pattern to execute hardcoded Python logic for filtering and encoding files. This is used for internal processing and preparation of data for upload to the vendor's API.
Audit Metadata