agent-creator
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection because it ingests untrusted user input (role descriptions or job specifications) and interpolates this data into the final agent definition (specifically in the SOP and Role Identity sections). While the skill's structured methodology acts as a natural filter, there are no explicit sanitization routines or delimiters to prevent malicious instructions in the input from being persisted in the generated files.
- Ingestion points: User input and role documents in Step 1 and Step 2 of the behavioral instructions.
- Boundary markers: Absent; the skill relies on the LLM's interpretation of the research components to structure the data.
- Capability inventory: File system write access to the `.claude/agents/` directory and web search functionality for role research.
- Sanitization: Absent; the skill performs restructuring and validation against internal benchmarks (PRISM) but does not escape or sanitize the raw input content.
Audit Metadata