create-skill

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No suspicious patterns or malicious instructions were detected. The skill is designed for portability and explicitly avoids external dependencies or repo-specific scripts.
  • [COMMAND_EXECUTION]: The skill writes to the local file system in the step described by 'references/step-5-generate-workflow.md'. This activity is controlled by a multi-step approval process and a deterministic preview in 'references/step-3-preview-workflow.md'.
  • [PROMPT_INJECTION]: The skill generates instructions from user requirements, creating a surface for indirect prompt injection.
      1. Ingestion points: User requirements captured in 'references/step-1-requirements-workflow.md'.
      2. Boundary markers: Structural schema in 'references/payload-schema.md' and explicit user confirmation steps.
      3. Capability inventory: Local file writing.
      4. Sanitization: Automated YAML validation and a natural-language checklist ('references/validation-checklist.md') that prohibits external path references.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 12:52 PM