
skill-creator

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the subprocess module to execute external commands and internal scripts. Specifically, scripts/run_eval.py and scripts/improve_description.py execute the claude command-line interface via subprocess.Popen and subprocess.run. run_eval.py passes user-defined queries from an evals.json file directly as arguments to claude -p. While the queries are passed as list arguments (reducing direct shell injection risk), they result in the execution of the LLM against untrusted strings within a high-privilege CLI environment.
  • [INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted data from multiple sources: test queries defined in evals/evals.json, user intent captured during the 'Capture Intent' phase, and user feedback stored in feedback.json.
    ◦ Ingestion points: evals/evals.json (eval prompts), feedback.json (review comments).
    ◦ Boundary markers: Absent; untrusted content is interpolated directly into prompts for subagents or the description optimizer.
    ◦ Capability inventory: The skill can execute the claude CLI, which has access to the user's filesystem and tools, and can write new .skill files via scripts/package_skill.py.
    ◦ Sanitization: No explicit sanitization or instruction-filtering is performed on the ingested queries or feedback before they are processed by the LLM.
  • [PROMPT_INJECTION]: The SKILL.md instructions contain directives that attempt to influence the agent's default triggering behavior. Specifically, it instructs the agent to 'make the skill descriptions a little bit pushy' and to explicitly tell the model to 'Use this skill whenever...' to combat 'undertriggering'. This is a form of instruction override aimed at the system's skill-selection logic.
  • [EXTERNAL_DOWNLOADS]: The eval-viewer/generate_review.py script launches a local HTTP server using Python's HTTPServer module on 127.0.0.1. While limited to the local interface, this server provides access to files within the workspace directory, including scripts and generated outputs.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 21, 2026, 07:37 PM