rule-creator

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute several shell commands and local scripts as part of its mandatory workflow.
      • Evidence: Execution of pnpm index-rules in SKILL.md to register new rules.
      • Evidence: Execution of node .claude/tools/cli/validate-integration.cjs <rule-path> for artifact validation.
      • Evidence: Shell command test -f .claude/rules/<rule-name>.md used to check for existing files.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it creates persistent instruction files (rules) from user-provided input.
      • Ingestion points: args.content and args.name in SKILL.md and scripts/main.cjs.
      • Boundary markers: None. The rule content is written directly to markdown files without encapsulation or 'ignore' instructions.
      • Capability inventory: The skill has the capability to write files to the local file system (.claude/rules/) and trigger indexing commands.
      • Sanitization: scripts/main.cjs includes a sanitization step for the rule name (replace(/[^a-z0-9-]/g, '-')), which effectively prevents path traversal attacks. Content is checked for being non-empty.
  • [REMOTE_CODE_EXECUTION]: The skill dynamically loads local Node.js modules that are external to the skill bundle but part of the expected host environment.
      • Evidence: require('.claude/lib/creators/creator-commons.cjs') and require('.claude/lib/creators/companion-check.cjs') in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: The skill requires research using well-known external services for best practices.
      • Evidence: Instructions to use the Exa tool and arXiv via WebFetch for implementation research in the 'Research Gate' section of SKILL.md.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 09:22 PM
Security Audit — agent-trust-hub — rule-creator