creating-agent-skills

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a development guideline for building agent capabilities. It encourages concise documentation, proper file naming, and repository integration.
  • [COMMAND_EXECUTION]: The validation workflow (Step 8) includes instructions for the agent to run validation tools like skills-ref and to test newly created scripts. These actions are standard components of a development and verification lifecycle.
  • [SAFE]: The skill possesses an inherent attack surface for indirect prompt injection as it processes user input to generate executable content.
  • Ingestion points: User-provided requirements, naming rules, and examples used to scaffold new skills (SKILL.md, Workflow Step 1).
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified for the generated output.
  • Capability inventory: The agent is instructed to write files (SKILL.md, Workflow Step 4-6) and execute scripts for testing purposes (Step 8).
  • Sanitization: No explicit sanitization or filtering of user input is described in the workflow.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 05:19 AM
Security Audit — agent-trust-hub — creating-agent-skills