generate-skill
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as a high-level interactive guide and template generator. It does not perform any automated network operations, file exfiltration, or unauthorized command execution.
- [REMOTE_CODE_EXECUTION]: No remote code execution patterns were found. While the documentation provides examples of scripts (e.g., using npm install), these are clearly marked as templates for the user's generated skills and use placeholder names.
- [DATA_EXPOSURE]: The skill does not access sensitive files (such as .env, .ssh, or AWS credentials) or attempt to exfiltrate data.
- [PROMPT_INJECTION]: There are no instructions aimed at overriding agent safety guidelines or extracting system prompts.
- [INDIRECT_PROMPT_INJECTION]: The skill accepts user input through the AskUserQuestion tool which is then interpolated into generated skill files.
  - Ingestion points: User responses to discovery questions in SKILL.md (Phase 1).
  - Boundary markers: None present for the interpolated user content.
  - Capability inventory: The skill facilitates the creation of file structures and script content.
  - Sanitization: None specified for user-provided triggers or descriptions.
Audit Metadata