
skill-creator

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The instructions in SKILL.md direct the agent to execute a local Python script with user-controlled metadata interpolated into the command line: python3 scripts/validate-metadata.py --name "[name]" --description "[description]". Because the name and description placeholders are substituted directly into the shell command template, shell metacharacters in those values could lead to arbitrary command execution if the agent does not handle the interpolation safely.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by using untrusted inputs in a privileged shell execution context.
  • Ingestion points: Metadata fields [name] and [description] processed in the SKILL.md workflow.
  • Boundary markers: Absent in the shell command template provided in the instructions.
  • Capability inventory: Execution of local scripts and system commands via shell.
  • Sanitization: The validation script performs post-execution logic checks but does not sanitize the command line arguments prior to shell parsing.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 06:23 PM
Security Audit — agent-trust-hub — skill-creator