skill-creator

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides procedures for fetching content from user-specified URLs using tools like curl or web-fetch to install new skills.
  • [REMOTE_CODE_EXECUTION]: The installation guide for remote skills directs the agent to execute setup instructions, such as downloading scripts or binary files, defined within the fetched content.
  • [COMMAND_EXECUTION]: Procedural instructions for skill installation require the agent to run arbitrary shell commands found in third-party skill definitions to complete setup.
  • [PROMPT_INJECTION]: The process of ingesting and following instructions from externally sourced files creates a surface for indirect prompt injection.
      • Ingestion points: Content fetched from user-provided URLs (processed in SKILL.md).
      • Boundary markers: Absent; the agent is directed to follow the instructions within the saved file directly.
      • Capability inventory: The skill utilizes bash, read, write, and edit tools as specified in SKILL.md.
      • Sanitization: No sanitization or validation of the remote content is performed before processing.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 10, 2026, 07:30 AM