skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation instructs the agent to execute local scripts (`scripts/init_skill.py` and `scripts/package_skill.py`) via the command line to manage the skill lifecycle, which involves shell-level interactions.
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection (Category 8) by interpolating user-provided strings directly into command-line arguments.
  * Ingestion points: Data enters the context via user-defined placeholders such as `<skill-name>` and `<output-directory>`.
  * Boundary markers: There are no defined delimiters or instructions to treat these inputs as literal strings, increasing the risk of command injection.
  * Capability inventory: The skill is designed to perform file system operations (creating directories and files) and execute Python/Bash scripts.
  * Sanitization: No input validation or escaping mechanisms are described to prevent the inclusion of malicious shell metacharacters in the user-provided arguments.