skill-creator

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/init_skill.py script performs file system operations, creating directories and writing files based on user input.
  • [COMMAND_EXECUTION]: The scripts/init_skill.py script modifies file permissions using chmod to make generated scripts executable.
  • [COMMAND_EXECUTION]: The scripts/package_skill.py script reads and compresses local files into archives.
  • [PROMPT_INJECTION]: The skill acts as a factory for other skill instructions, creating an indirect prompt injection surface. Evidence: (1) Ingestion points: CLI arguments in init_skill.py; (2) Boundary markers: Absent in generated templates; (3) Capability inventory: File and directory operations in all scripts; (4) Sanitization: Input validation in normalize_skill_name.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 02:34 AM