skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local Python scripts (init_skill.py, package_skill.py) to perform file system operations, such as creating directories and writing files, which is consistent with its role as a project initializer.
- [COMMAND_EXECUTION]: In init_skill.py, the script programmatically adjusts file permissions (chmod 0o755) for generated example files. This facilitates the creation of executable scripts but represents a deliberate modification of file security settings.
- [PROMPT_INJECTION]: The creator command presents an indirect prompt injection surface by taking user-supplied descriptions and incorporating them into new SKILL.md and plugin.json files.
  - Ingestion points: User input provided to the /skill-creator:creator command in commands/creator.md.
  - Boundary markers: The generation process does not employ explicit delimiters or system instructions to prevent the user input from being interpreted as instructions by an agent loading the new skill.
  - Capability inventory: The skill has the capability to write to the file system and create executable files through the init_skill.py utility.
  - Sanitization: Validation logic in quick_validate.py checks for specific characters like angle brackets and validates naming conventions, but it does not provide comprehensive protection against malicious instructions embedded in the natural language description.