skill-creator
Warn
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to run the provided Python scripts scripts/init_skill.py and scripts/package_skill.py during the skill creation workflow.
- [COMMAND_EXECUTION]: The scripts/init_skill.py script dynamically creates a new Python file (example.py) and modifies its file permissions using chmod(0o755) to make it executable.
- [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection as it ingests untrusted user input (descriptions, scenarios, and task examples) to generate the body of a new SKILL.md file and associated script templates.
- Ingestion points: User-provided descriptions of skill functionality in Step 1 and content updates in Step 4.
- Boundary markers: None identified. The instructions do not define delimiters or provide warnings to the agent to treat user-supplied examples as untrusted data.
- Capability inventory: The agent is granted the capability to write files to the local file system and execute the provided helper scripts.
- Sanitization: None identified. User input is directly interpolated into file templates without escaping or validation.
Audit Metadata