command-generator

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection and YAML structure manipulation because user-provided inputs are interpolated directly into templates without sanitization.
    ◦ Ingestion points: the description and argumentHint parameters supplied in SKILL.md are processed in Phase 1 and Phase 4.
    ◦ Boundary markers: absent. The template in templates/command-md.md uses no delimiters or instructions that isolate user-provided content from the command's own logic.
    ◦ Capability inventory: the Write, Edit, and Bash tools let the skill create and modify command files that the agent will later interpret as executable instructions.
    ◦ Sanitization: skillName and group are validated with a regex, but description and argumentHint are only checked for length. An attacker could inject a YAML document delimiter (---) or newlines to corrupt the frontmatter, or to place malicious instructions in the generated file where the agent will read them as part of the command.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool for filesystem housekeeping in phases/02-target-path-resolution.md and phases/05-file-generation.md (e.g., mkdir -p, test -f). The inputs to these commands are validated, which prevents shell injection, but invoking a shell for simple directory and file checks is a higher-privilege approach than calling standard filesystem APIs directly.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 03:37 AM