skill-creator
Fail
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: CRITICAL
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to use local utility scripts, specifically scripts/init_skill.py and scripts/package_skill.py, for initializing and packaging skills. It also uses standard shell commands like ls to interact with the skill directory structure.
- [PROMPT_INJECTION]: The skill functions as a generator for other instructions, creating an indirect prompt injection surface by ingesting and processing untrusted user input.
  - Ingestion points: User input is collected for skill metadata (name, description) and instruction body content (SKILL.md, Step 4).
  - Boundary markers: No explicit delimiters or isolation instructions are defined to separate user-provided content from the agent's instructions in the generated output.
  - Capability inventory: The workflow includes writing to the local file system and executing local management scripts.
  - Sanitization: The instructions focus on structural organization and token efficiency but do not prescribe specific validation or sanitization protocols for the user-provided skill content.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata