agent-creator

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides several bash script templates (e.g., validate-solid.sh, track-skill-read.sh) and instructs the agent to apply execution permissions using chmod +x.
  • [COMMAND_EXECUTION]: Instructions in SKILL.md guide the agent to use shell utilities like sed for automated file editing and bash for executing validation logic.
  • [COMMAND_EXECUTION]: The documentation defines a hook system (PreToolUse and PostToolUse) that executes local shell scripts to enforce SOLID principles and track skill consultation.
  • [PROMPT_INJECTION]: The skill utilizes a templating system for agent creation which represents a surface for indirect prompt injection via user-supplied variables.
  • Ingestion points: Variables in references/templates/agent-template.md such as <agent-name>, <technology>, and <features>.
  • Boundary markers: No specific delimiters or instructions are provided in the templates to isolate user-provided metadata from the agent's core instructions.
  • Capability inventory: The resulting agents are designed to use powerful tools including Write, Edit, Bash, and web-search capabilities via mcp__exa__web_search_exa (file: references/templates/agent-template.md).
  • Sanitization: The skill does not describe any sanitization or validation steps for the values interpolated into the agent templates.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 08:59 AM
Security Audit — agent-trust-hub — agent-creator