create-tool
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Dynamic Execution (LOW): The skill generates executable TypeScript (.ts) and React (.tsx) files from predefined templates. Although this is the primary purpose of the skill, generating scripts at runtime is a known security surface.
- Indirect Prompt Injection (LOW):
  - Ingestion points: The skill collects untrusted data from the user via `AskUserQuestion`, including the `tool-name`, parameter names, and descriptions.
  - Boundary markers: Absent. The instructions do not specify any delimiters or safety warnings for the agent to use when interpolating user input into the code templates.
  - Capability inventory: The agent has the capability to write files to the local file system (specifically `src/tools/`).
  - Sanitization: Absent. There is no instruction to validate or sanitize the `tool-name` to prevent path traversal (e.g., providing `../../filename`) or to escape strings within the generated code, which could lead to code injection in the resulting tool.
- Command Execution (SAFE): The skill suggests the user run `pnpm build`. This is a standard and expected operation for the intended development workflow and does not pose an inherent risk in this context.
Audit Metadata