create-skill
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill's review and upgrade modes process external files, which could contain instructions intended to influence the auditing agent's behavior.\n
- Ingestion points: Target skill files (SKILL.md, rules/*.md) ingested for analysis in review and upgrade modes.\n
- Boundary markers: No explicit instructions are provided to use delimiters or ignore instructions within the processed data.\n
- Capability inventory: The skill can write files and execute local shell commands for symlinking and inventory management.\n
- Sanitization: New skill names are validated against a strict regex pattern (kebab-case) and checked for reserved words to prevent command injection or path traversal.\n- [DYNAMIC_EXECUTION]: The skill executes shell commands such as ln -s and readlink during the wiring phase to establish directory structures for local development. These operations are restricted to the local filesystem and the project's repository structure.
Audit Metadata