lovstudio-xbti-creator
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to automate project setup and image generation. In Step 9, it executes a Node.js one-liner where user-provided strings (like the test name and theme) are interpolated into the command. This represents a potential command injection surface if the inputs are not properly handled by the agent during the task execution.
- [EXTERNAL_DOWNLOADS]: The skill clones the XBTI engine from the author's GitHub repository and installs Python dependencies (google-genai, Pillow) and Node.js packages. It also retrieves an additional skill (lovstudio:image-creator) using the npx skills add command.
- [REMOTE_CODE_EXECUTION]: During the project submission process in Step 9, the skill uses Node.js to require several JavaScript files that were dynamically generated by the AI based on user input. This pattern involves executing code that is programmatically derived from external input.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it incorporates untrusted user input (theme and preferences) directly into the generation logic for project files and metadata.
  - Ingestion points: User preferences collected via AskUserQuestion in the workflow's first step (theme, name, style).
  - Boundary markers: None identified in the prompt instructions to isolate or delimit user input.
  - Capability inventory: The skill uses Bash, Write, and Edit tools to create and modify files, and git for repository management.
  - Sanitization: No explicit sanitization or validation logic is defined for the user-provided strings before they are used in code generation and shell commands.