writer-skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [Prompt Injection] (LOW): The skill is susceptible to Indirect Prompt Injection. It ingests untrusted data (user-provided templates) and uses that data to generate new skill files.
- Ingestion points: Template text or file paths provided by the user in '模板来源' ("template source").
- Boundary markers: None. The instructions do not define delimiters to separate user data from system instructions.
- Capability inventory: The agent has the capability to write files (SKILL.md, structure.yaml, requirements.yaml) into the backend/data/skills/ directory.
- Sanitization: None. There are no instructions to sanitize the content of the generated files or the skill-id used for the directory name.
- [Command Execution] (LOW): The skill directs the agent to perform filesystem write operations. Without strict sandboxing or path validation, this could be abused for path traversal (e.g., using ../../ in the skill-id) to overwrite existing configuration or system files.
Audit Metadata