create-local-skill
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to perform several shell operations including directory creation (`mkdir -p`), symlink creation (`ln -s`), and file verification (`ls -la`). These are standard operations for the skill's stated purpose of managing project configuration.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because user-provided content is used to derive a skill name that is then interpolated into shell commands.
- Ingestion points: User input describing the desired skill functionality is ingested in Step 1 of the workflow.
- Boundary markers: There are no explicit boundary markers or instructions to the agent to disregard instructions embedded within the user's description.
- Capability inventory: The skill utilizes shell command execution capabilities (`mkdir`, `ln`) across its workflow.
- Sanitization: While the skill instructs the agent to "Derive a kebab-case name," there is no programmatic validation or strict enforcement to prevent a malicious user from providing a name containing shell metacharacters (e.g., `;`, `|`, `&`) that could lead to command injection.
Audit Metadata