create-command
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands via the Bash tool to manage skill directory structures and initialize git state for newly created components.
- [EXTERNAL_DOWNLOADS]: Fetches up-to-date specifications and best practices from official documentation at code.claude.com. This is a trusted source used to ensure generated skills comply with platform standards.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it reads existing skill files and user-provided descriptions to influence the generation of new skill code.
- Ingestion points: Processes user-supplied arguments and parses existing skill definitions within the .claude/skills/ directory.
- Boundary markers: Lacks explicit delimiters or instructions to ignore embedded commands when interpolating retrieved data into agent prompts.
- Capability inventory: Includes the ability to write files to the local system and execute restricted git and directory commands.
- Sanitization: No explicit sanitization or validation of the input content is implemented before it is used to generate new skill files.
Audit Metadata