skill-creator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest untrusted data and write it into permanent SKILL.md files. 1. Ingestion points: User prompts and WebFetch results. 2. Boundary markers: Absent in the provided templates. 3. Capability inventory: Bash, Write, Edit, WebFetch, Task. 4. Sanitization: None identified.
- Command Execution (MEDIUM): The skill provides the agent with Bash tool access and specifically facilitates the creation of executable command blocks in skills, posing a risk of code injection if the creation process is compromised.
Recommendations
- AI detected serious security threats
Audit Metadata