create-my-tools-profile
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill performs file system operations to create persistent configuration files in specific local directories, such as .cursor/rules/, .claude/rules/, and .windsurfrules/.
- [DATA_EXPOSURE]: The skill reads the names and descriptions of active tools from the Zapier MCP environment to generate an inventory for the user. This data is used locally to create the profile and is not sent to external servers.
- [PROMPT_INJECTION]: While the skill generates instructions that influence future agent behavior, this is the intended functionality (creating a 'tools profile'). There are no attempts to bypass safety filters or override system-level instructions.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data (tool descriptions from the MCP environment) and interpolates them into rule files.
- Ingestion points: Tool names and descriptions from the Zapier MCP configuration.
- Boundary markers: None (the data is formatted into standard Markdown lists and headers).
- Capability inventory: File system write access to create rule files (.md, .mdc).
- Sanitization: No explicit sanitization of tool descriptions is mentioned, but the risk is mitigated as the content is restricted to local configuration files created with user consent.
Audit Metadata