Skills
skills/soul-brews-studio/arra-oracle-skills/create-shortcut/Gen Agent Trust Hub

create-shortcut

Warn

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to manage its lifecycle and skill storage.
  • It uses mkdir -p and mv to create and archive skill directories in both project-local (.claude/skills/) and global (~/.claude/skills/) paths.
  • It performs file-writing operations to generate SKILL.md files, which define new executable agent capabilities.
  • [PROMPT_INJECTION]: The 'Mode 4: Auto-Create' feature introduces an indirect prompt injection vulnerability.
  • Ingestion points: Command names from user input or errors (e.g., 'Unknown skill: resonance') are parsed as intent hints.
  • Capability inventory: The skill is instructed to 'infer intent' and 'execute immediately' based on these names, involving potential shell commands or file writes.
  • Boundary markers: No explicit delimiters or safety instructions are provided to isolate the inferred intent from the command name.
  • Sanitization: There is no evidence of input validation or sanitization for the command names or inferred instructions before execution.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 26, 2026, 02:42 AM