creation-guard
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands such as `ls`, `grep`, and `head` across multiple local directories, including `~/Dev/`, `~/bin/`, and `~/.claude/`. The instructions specify interpolating user-provided keywords into commands (e.g., `grep -ril "[keywords]"`), which could present a command injection risk if the agent does not properly sanitize the input.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing data from external files during its analysis phase.
- Ingestion points: The skill reads the first 10-20 lines of existing markdown files in `~/.claude/skills/`, `~/.claude/agents/`, and `~/.claude/commands/` using `head` to assess functionality overlap.
- Boundary markers: No delimiters or isolation instructions are provided to prevent the agent from following malicious instructions that might be embedded within the files being searched.
- Capability inventory: The skill allows for the creation of new artifacts and further command execution based on the results of its analysis.
- Sanitization: There is no evidence of sanitization or filtering of the content read from existing files before it is presented to the agent for decision-making.
Audit Metadata