create-ra-skill
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it facilitates the creation of new SKILL.md files by directly interpolating free-form user responses into a template. This allows potentially malicious instructions provided by a user during the interview phase to be saved into a file that the agent may later load and execute.\n
- Ingestion points: User responses to the eight hearing questions in Phase 1 (SKILL.md).\n
- Boundary markers: The skill does not use protective delimiters or instructions to isolate user-provided content from the structural logic of the generated skill.\n
- Capability inventory: The skill utilizes Read, Write, and Bash tools to manage the creation and persistence of the generated markdown files.\n
- Sanitization: There is no evidence of sanitization, escaping, or instruction-filtering performed on the user's input before it is written to the filesystem.\n- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform file system operations, such as creating directories and saving the generated skill files.\n
- Evidence: Phase 4 of the SKILL.md file describes using shell-like logic to create paths such as skills/{skill-name}/SKILL.md.
Audit Metadata