skill-generator

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill extensively uses the Bash tool to perform filesystem operations, including directory creation (mkdir -p) and project scaffolding. It also generates functional Bash scripts based on templates for inclusion in the new skills.
  • [DYNAMIC_EXECUTION]: As a code generator, the skill produces executable Python and Bash scripts, as well as Markdown files containing orchestration logic (e.g., Javascript-like pseudocode) intended for runtime execution by an agent.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted user input via the AskUserQuestion tool to define the generated skill's metadata, purpose, and logic. This data is interpolated into the generated skill's prompts and configuration files.
    • Ingestion points: User input is collected in phases/01-requirements-discovery.md via AskUserQuestion prompts.
    • Boundary markers: Generated templates generally lack explicit delimiters or instructions to ignore embedded commands in the interpolated user content.
    • Capability inventory: The generator uses Agent, Bash, Read, and Write across its phases.
    • Sanitization: The skill includes a validateSkillName function (documented in specs/skill-requirements.md) and basic escaping logic in LLM-related templates, though these are largely provided as patterns for the agent to follow during generation.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 03:30 AM
Security Audit — agent-trust-hub — skill-generator