project-skill-writer

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION

Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests untrusted user input (problem descriptions) to generate new agent instructions (SKILL.md files); adversarial input could therefore be carried into the generated instructions as malicious directives.
  • Ingestion points: Problem descriptions are captured in SKILL.md (L1) and processed by agents/project-scanner.md.
  • Boundary markers: The skill explicitly includes a validation step (SKILL.md L4) that forces the agent to wait for user confirmation before generating any files.
  • Capability inventory: The skill uses scripts/init_skill.cjs to perform file-system write operations.
  • Sanitization: The generation process in scripts/init_skill.cjs uses a basic string-replacement template system and does not apply further sanitization to user-provided strings before they are written into the generated files.
  • [COMMAND_EXECUTION]: Local Script Execution. The skill invokes a local Node.js script, scripts/init_skill.cjs, to scaffold the new skill directory and files.
  • Security Controls: The script includes a defensive validateOutputPath function that actively blocks attempts to write files into sensitive global configuration directories such as ~/.trae, ~/.claude, or ~/.cursor.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 10, 2026, 03:01 PM