create-command

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses the ${ARGUMENTS} placeholder to ingest user input, which is then used to generate a new command file. This pattern creates a vulnerability to indirect prompt injection, as malicious input could be designed to override the instructions of the resulting command.
    • Ingestion points: The ${ARGUMENTS} variable in SKILL.md.
    • Boundary markers: None identified; the input is placed directly into the goal section of the generated content.
    • Capability inventory: The skill allows Write and Bash operations.
    • Sanitization: No explicit sanitization or validation of the input content is performed.
  • [COMMAND_EXECUTION]: The skill is granted Bash tool access. Although intended for development tasks like linting and testing, this provides a capability that could be exploited if the agent is misled by malicious instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 08:19 AM