create-skill
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection Surface. The skill functions as a generator for instruction-bearing markdown files (SKILL.md, CLAUDE.md) based on user input.
  - Ingestion point: User-provided goals and workflow steps defined in 'workflows/create-new.md'.
  - Boundary markers: Absent.
  - Capability inventory: Performs file creation and copying (cp) within the skill infrastructure.
  - Sanitization: None; user input is interpolated directly into template placeholders.
- [COMMAND_EXECUTION] (HIGH): Persistence Mechanism. The workflow in 'SKILL.md' (Step 6) requires modifying '${PAI_DIR}/global/KAI.md'. This file likely influences the agent's system prompt by listing available skills, allowing any injected malicious skill to maintain persistence across sessions.
- [EXTERNAL_DOWNLOADS] (LOW): Documentation in 'templates/README.md' references 'github.com/anthropics/skills', which is a trusted external source for documentation purposes.
Recommendations
- AI detected serious security threats