skill-creator

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/init_skill.py performs a permission change using chmod(0o755) on a dynamically generated template script. This action allows the file to be executed as a program. While standard for a development tool, it represents a command execution capability on generated files.
  • [PROMPT_INJECTION]: The skill acts as a generator for other skills, which introduces a surface area for indirect prompt injection. Untrusted data used during the initialization or packaging process could influence the content of the resulting skill files.
    • Ingestion points: Arguments provided to scripts/init_skill.py (name and path).
    • Boundary markers: Not utilized in the generated templates to isolate user-provided content.
    • Capability inventory: File system writing, directory creation, and zip archiving.
    • Sanitization: Limited to basic naming regex and description checks for specific characters like angle brackets.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 10:15 AM