skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute local Python scripts (scripts/init_skill.py and scripts/package_skill.py) to automate the skill creation and packaging process.
- [DYNAMIC_EXECUTION]: The instructions include a development workflow where the agent is encouraged to write new scripts and then 'actually run them to ensure there are no bugs.' This involves executing dynamically generated code.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted user input to define the functionality of new skills.
  - Ingestion points: User-provided examples and requirements gathered in Step 1 and Step 2 of the creation process.
  - Boundary markers: None explicitly defined to separate user input from the generated instruction body.
  - Capability inventory: The skill can execute local Python scripts, write new files to the filesystem, and run arbitrary generated code for testing purposes.
  - Sanitization: There are no documented sanitization or validation steps for user-provided examples before they are used to generate scripts or instructions.
Audit Metadata