command-creator
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill functions as a 'prompt factory,' generating new instructions based on user-supplied input. This creates a surface for Indirect Prompt Injection (Category 8).
- Ingestion points: User input for '목적' (purpose) and '$ARGUMENTS' (inputs) captured via AskUserQuestion in SKILL.md.
- Boundary markers: Absent; the templates do not use delimiters or warnings to prevent the agent from obeying instructions embedded within the user-provided content.
- Capability inventory: Read, Write, Edit, Glob, and Task (parallel agent calls via the batch-processor template).
- Sanitization: Absent; the skill blindly interpolates user input into markdown templates.
- Dynamic Execution (LOW): The skill dynamically generates markdown files that serve as instructions for the agent and writes them to the file system. While these are not binary scripts, they represent the creation of new executable logic (Category 10).
- Persistence Mechanisms (SAFE): The skill modifies files in the
~/.claude/commands/directory, which allows the generated commands to persist across different project contexts and sessions. This is the intended primary behavior of the skill.
Audit Metadata