create-skill
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's primary function is to transform user input and reviewer feedback into functional skill files, which creates a surface for indirect prompt injection. Malicious instructions supplied in user examples or review reports could influence the behavior of the generated skill.
  - Ingestion points: User-provided usage patterns (SKILL.md Step 1), implementation requests (SKILL.md Step 4), and review reports from spawned subagents (SKILL.md Step 5).
  - Boundary markers: The skill's instructions do not explicitly tell the agent to use delimiters or sanitization patterns when turning user examples into instructions.
  - Capability inventory: The skill can create directories and write files (SKILL.md Step 3) and delegate tasks to subagents (SKILL.md Step 5).
  - Sanitization: The workflow recommends evaluating findings before applying them, but defines no automated sanitization of input.
Audit Metadata