skill-creator
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [Unverifiable Dependencies] (MEDIUM): The skill instructs the user/agent to install a global npm package
@agentskills/skills-refvianpm install -g. This organization is not on the trusted sources list, making it an unverifiable external dependency. - [Command Execution] (LOW): The skill provides bash commands (
skills-ref validate,skills-ref generate) to be executed on the system. While these are intended for validation and template generation, they represent execution of third-party code following the npm installation. - [Indirect Prompt Injection] (INFO): The skill defines templates for creating new skills. While this provides the structure for potential future injection surfaces in skills created using these templates, the skill itself does not ingest untrusted data for automated processing.
Audit Metadata