command-creator
Warn
Audited by Gen Agent Trust Hub on Feb 12, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
================================================================================
🟡 VERDICT: MEDIUM
The primary concern is the reference to an unverified external script within an example command. While the skill itself does not directly execute this script, it provides a pattern that encourages users to run external, unaudited code. The skill's core function of generating agent instructions also presents an inherent risk for prompt injection if users create malicious commands.
Total Findings: 1
🟡 MEDIUM Findings: • Unverifiable Dependency / Command Execution
- references/examples.md:210: The example command 'codex-review' executes an external script
scripts/codex-review.py. The content of this script is not provided within the skill files and therefore cannot be audited for security vulnerabilities or malicious behavior. Executing unverified external scripts poses a risk of arbitrary code execution, data exfiltration, or other harmful actions.
================================================================================
Audit Metadata