skill-creator-yashu
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses RunCommand to execute local Python scripts (scripts/init_skill.py, scripts/quick_validate.py) to automate project setup and verify compliance with skill specifications.
- [DYNAMIC_EXECUTION]: The scaffolding process involves generating new Python scripts (scripts/example.py) based on templates and user input to provide functional boilerplate for new projects.
- [PRIVILEGE_ESCALATION]: The initialization utility sets executable permissions (0o755) on generated Python scripts to ensure they can be run immediately by the agent or user.
- [INDIRECT_PROMPT_INJECTION]: The skill functions as a generator that translates natural language user requirements into structured skill documentation and instructions.
  - Ingestion points: User requirements, functional descriptions, and triggers are ingested via the AskUserQuestion interaction.
  - Boundary markers: Not present; user input is interpolated directly into skill templates without explicit delimiters or "ignore instructions" warnings.
  - Capability inventory: The skill possesses capabilities for filesystem modification (Write, SearchReplace) and command execution (RunCommand).
  - Sanitization: Skill names are sanitized via regex to ensure valid kebab-case formatting, but descriptions and generated instructions are not filtered for malicious prompt content.
Audit Metadata