CreateSkill

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: Orchestrates file and directory management using standard system utilities such as mkdir, touch, cp, find, mv, and ls to scaffold and restructure skill folders.
  • [EXTERNAL_DOWNLOADS]: Performs local network requests using curl to http://localhost:31337/notify. These requests are used for voice and text status notifications and are restricted to the localhost interface.
  • [COMMAND_EXECUTION]: Executes local TypeScript-based tools using the bun runtime for skill validation and help generation purposes.
  • [DATA_EXFILTRATION]: Records execution history by appending metadata to a local log file located at ~/.claude/PAI/MEMORY/SKILLS/execution.jsonl.
  • [PROMPT_INJECTION]: The TestSkill and ImproveSkill workflows ingest external task prompts and skill instructions to evaluate effectiveness. While this presents an indirect prompt injection surface, it is a functional requirement for its purpose and the activity is contained within evaluation subagents.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 03:33 PM
Security Audit — agent-trust-hub — CreateSkill