skill-creator
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/init_skill.pyperforms file system operations including directory creation and file writing based on user-supplied arguments. It also programmatically sets execution permissions (0o755) on dynamically created Python scripts.\n- [COMMAND_EXECUTION]: Thescripts/init_skill.pyscript generates new executable content by interpolating user-provided skill names into pre-defined Python templates. This runtime generation of scripts and subsequent file system modification is a core feature of the skill creator.\n- [COMMAND_EXECUTION]: The skill enables writing to local file system paths specified by the user through command-line arguments inscripts/init_skill.py. While the script checks if a directory exists before creation, it lacks rigorous sanitization of the path argument before performing file system operations.\n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface inscripts/init_skill.pywhere untrusted user input is interpolated into script templates. Evidence Chain:\n - Ingestion point: sys.argv in
scripts/init_skill.py\n - Boundary markers: Absent during template interpolation\n
- Capability inventory: File system writes and permission modifications in
scripts/init_skill.py\n - Sanitization: Input validation is absent during initialization, though separate validation logic exists in
scripts/quick_validate.py.
Audit Metadata