create-skill
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill creates an attack surface by taking user-provided text and writing it to local or project-based skill files which the agent will later trust as instructions. * Ingestion points: Step 2 gathers name, description, and trigger scenarios from the user. * Boundary markers: The template in Step 3 lacks delimiters or instructions to ignore embedded content within the user-provided fields. * Capability inventory: The skill possesses the capability to create directories and write files in the user's home directory (~/.adal/skills/) and the current project directory (.adal/skills/). * Sanitization: No validation, escaping, or filtering is applied to user inputs before they are written to the filesystem.
- [Command Execution] (LOW): The skill instructs the agent to use shell commands (mkdir -p) to create filesystem structures. While appropriate for the tool's functionality, it involves direct interaction with the host environment.
Recommendations
- AI detected serious security threats
Audit Metadata