CreateSkill
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill references 'bun run $PAI_DIR/Tools/validate-pack.ts' to validate files. This is a call to a local system utility for internal maintenance and does not interact with remote code.
- [PROMPT_INJECTION] (LOW): The skill functions as a factory for other skills, creating a surface for indirect prompt injection where untrusted user input is incorporated into new agent instructions. Evidence Chain:
  1. Ingestion points: User requests to create new skills (e.g., 'Create a skill for managing recipes') in SKILL.md.
  2. Boundary markers: Absent from the generated skill structure.
  3. Capability inventory: The skill system allows for file writing and command execution.
  4. Sanitization: No explicit sanitization of user-provided names or descriptions is mentioned before they are written to the skill files.
Audit Metadata