skill-create
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/create_skill.pycreates directories and writes files to the local filesystem. It uses thepathlibmodule to manage directory creation and file writing for the new skill structure.\n- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it interpolates user-provided metadata into the instructions of the generatedSKILL.mdfile.\n - Ingestion points: User input for skill name, description, author, and tags are ingested via CLI arguments in
scripts/create_skill.py.\n - Boundary markers: No delimiters are used to wrap interpolated metadata in the generated markdown files.\n
- Capability inventory: The skill is restricted to local filesystem operations and lacks network or sensitive data access capabilities.\n
- Sanitization: The
nameparameter is validated with a strict regex (^[a-z0-9-]+$), though other metadata fields are not sanitized before interpolation.
Audit Metadata