cekura-create-agent

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides a bash script (scripts/upload-agent.sh) and command-line examples in SKILL.md that use curl to interact with the Cekura API for creating and updating agent configurations.
  • [DATA_EXFILTRATION]: The skill's primary function involves collecting and transmitting sensitive third-party service credentials (such as VAPI, Retell, and ElevenLabs API keys) to the external API endpoint at api.cekura.ai.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted agent descriptions and system prompts, which are then processed by the platform for automated evaluator generation and classification.
      • Ingestion points: Phase 1.2 of the collection flow in SKILL.md, where the agent is instructed to collect the full system prompt or agent description from the user.
      • Boundary markers: No delimiters or instructions are used to isolate the user-provided prompt from the surrounding JSON structure or to warn downstream systems about potentially malicious content.
      • Capability inventory: The skill uses shell commands and local scripts to send the collected data to an external API.
      • Sanitization: There is no evidence of validation, escaping, or sanitization of the user-provided data before it is transmitted or processed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 10, 2026, 08:06 PM