agent-creator
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the latest sub-agent specification from the official OpenHands documentation at
docs.openhands.dev. This is a trusted vendor resource used to ensure generated files match the current platform requirements. - [COMMAND_EXECUTION]: The skill is designed to save generated Markdown files to the local file system at specific paths (
.agents/agents/or~/.agents/agents/). This is the intended primary purpose of the skill and is confined to agent configuration directories. - [PROMPT_INJECTION]: Because the skill incorporates untrusted user input from the interview process into the system prompt of a new sub-agent, it has an inherent surface for indirect prompt injection.
- Ingestion points: User responses during the 10-step interview process defined in
SKILL.md. - Boundary markers: The skill mandates the use of an 'Output Format' section with concrete templates in the generated prompt to constrain sub-agent behavior.
- Capability inventory: The skill uses file writing capabilities to save the agent definition to the disk.
- Sanitization: The skill includes multiple mandatory human-in-the-loop confirmation steps (Steps 3, 4, and 6) where the user must review and approve the requirements, classification, and final draft before the file is generated.
Audit Metadata