agent-creator

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes Python scripts (scripts/init_agent.py and scripts/validate_agent.py) that perform local file system operations. These scripts facilitate creating directories and writing markdown files to .claude/agents/ or ~/.claude/agents/, which is the standard behavior for managing Claude Code subagents.
  • [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection (Category 8) because the init_agent.py script interpolates user-provided text (description and body) into a template for a system prompt. However, this is the intended primary purpose of the skill (generating agent definitions) and is constrained to the user's local environment.
  • [CREDENTIALS_UNSAFE]: No hardcoded secrets or attempts to harvest environment variables/credential files were found in any of the scripts or instruction files.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 30, 2026, 02:59 PM
Security Audit — agent-trust-hub — agent-creator