company-creator
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands such as `git clone` and `git ls-remote` to retrieve and analyze external repositories provided by the user. While core to the functionality, executing commands on untrusted URLs is an established attack surface.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests data from external repositories (such as READMEs and existing agent configurations) to generate instructions for new agents. Malicious content within a repository could be designed to manipulate the agent during the generation process or embed malicious instructions in the final package.
  - Ingestion points: Files from external Git repositories are cloned and read to inform the company structure and agent roles.
  - Boundary markers: There are no explicit instructions or delimiters used to separate the untrusted repository content from the agent's core instructions.
  - Capability inventory: The agent can execute shell commands (`git`), perform file system writes to create the company package, and generate instructions for multiple agents.
  - Sanitization: Content extracted from external repositories is not sanitized or validated before being used to generate agent instructions.
Audit Metadata