skill-creator
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill environment executes a local JavaScript grader (graders/check-skill.js) to verify the structure of skill files. This script performs read operations on local workspace files.
- [EXTERNAL_DOWNLOADS]: Metadata references external resources including agentskills.io and a public GitHub repository mgechev/skillgrade. These are documented as references for the skill's domain of skill authoring.
- [PROMPT_INJECTION]: The skill acts as an editor for other agent skills, processing draft instruction files. This creates a surface for indirect prompt injection, where content within a processed draft could attempt to manipulate the agent's behavior. This is an inherent risk of instruction-editing tools and is managed by standard agent safety protocols.
Audit Metadata