creating-agent-skills
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a development guideline for building agent capabilities. It encourages concise documentation, proper file naming, and repository integration.
- [COMMAND_EXECUTION]: The validation workflow (Step 8) includes instructions for the agent to run validation tools like
skills-refand to test newly created scripts. These actions are standard components of a development and verification lifecycle. - [SAFE]: The skill possesses an inherent attack surface for indirect prompt injection as it processes user input to generate executable content.
- Ingestion points: User-provided requirements, naming rules, and examples used to scaffold new skills (SKILL.md, Workflow Step 1).
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified for the generated output.
- Capability inventory: The agent is instructed to write files (SKILL.md, Workflow Step 4-6) and execute scripts for testing purposes (Step 8).
- Sanitization: No explicit sanitization or filtering of user input is described in the workflow.
Audit Metadata