rust-skill-creator
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [Command Execution] (MEDIUM): The skill directs the agent to run shell commands such as 'mkdir' and 'cat' using interpolated variables like {crate_name}. Without explicit sanitization, this creates a risk of command injection if the input contains shell metacharacters.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from external URLs to populate new skill instructions.
  1. Ingestion points: Documentation URLs from docs.rs or custom links.
  2. Boundary markers: Absent; the generated SKILL.md does not use delimiters to isolate external content.
  3. Capability inventory: The agent has shell access to create directories and files.
  4. Sanitization: Absent; the skill does not instruct the agent to escape or filter the retrieved documentation.
- [Dynamic Execution] (MEDIUM): The skill generates and persists new executable AI instructions (SKILL.md) at runtime based on external content, which could allow an attacker to modify the agent's behavior by hosting malicious documentation.
Audit Metadata