Skills
skills/notque/claude-code-toolkit/skill-creation-pipeline/Gen Agent Trust Hub

skill-creation-pipeline

Warn

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill interpolates user-supplied 'domain keywords' directly into a shell command (grep -i "<keyword>" ...). This pattern is susceptible to command injection if the agent does not sanitize the input, potentially allowing an attacker to execute arbitrary commands through the Bash tool.
  • [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by ingesting untrusted user descriptions to generate new SKILL.md files.
  • Ingestion points: User-provided domain descriptions and keywords enter the pipeline in Phase 1 (DISCOVER) and Phase 2 (DESIGN).
  • Boundary markers: Absent. The skill does not use delimiters or instructions to ignore embedded commands within the user's request.
  • Capability inventory: The skill possesses Bash, Edit, Write, and Agent tools, which can be misused if the generated skill contains malicious instructions.
  • Sanitization: There is no evidence of input validation or escaping before the user's description is used to scaffold the new instruction file.
  • [COMMAND_EXECUTION]: The skill executes local scripts (python3 scripts/adr-query.py) and invokes external agent skills (agent-evaluation, routing-table-updater). This creates a complex chain of execution where untrusted input from the skill-creation process could trigger unintended actions in downstream tools.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 23, 2026, 04:37 PM
Security Audit — agent-trust-hub — skill-creation-pipeline