creator-skills
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the j-skills NPM package, which is a management utility provided by the author for skill registration and deployment.
- [COMMAND_EXECUTION]: Executes standard shell commands like mkdir, ls, and find for workspace management. It also invokes the j-skills CLI tool to perform administrative actions such as linking and installing skills globally.
- [PROMPT_INJECTION]: The skill functions as a generator for other skills, creating an indirect prompt injection surface.
- Ingestion points: The skill processes user-provided names and descriptions when creating new SKILL.md files.
- Boundary markers: There are no explicit delimiters or safety instructions used to isolate user-provided content during the file creation process.
- Capability inventory: The skill utilizes directory creation, file writing, and CLI tool execution capabilities as documented in SKILL.md.
- Sanitization: No input validation or sanitization is performed on the user-provided strings before they are used in filesystem operations.
Audit Metadata