command-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill uses local shell commands (e.g., git and mkdir) and the Write tool to create command files in directories like ~/.claude/commands/. This is the intended primary purpose of the skill and does not involve unauthorized privilege escalation or dangerous execution of untrusted remote content.
- [PROMPT_INJECTION] (LOW): The skill acts as a surface for Indirect Prompt Injection (Category 8) by interpolating user-provided instructions directly into generated command files. Evidence Chain: 1. Ingestion points: User-provided command purpose and workflow steps in Step 3. 2. Boundary markers: No explicit delimiters or warnings are used to wrap user input in the generated markdown. 3. Capability inventory: Generated commands are designed to execute bash commands and utilize subagents via the Task tool. 4. Sanitization: No sanitization or validation of user input is performed before interpolation.
- [DYNAMIC_EXECUTION] (LOW): The skill generates script-like markdown files from templates based on user input. As this is the core function of the utility and follows standard structural patterns, the risk is categorized as low according to the framework guidelines.
Audit Metadata