create-agent

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses local shell commands via the Bash tool to perform file operations, including searching registries (grep), copying templates (cp), managing discovery symlinks (ln, readlink), and executing local scripts (npm run). These actions are restricted to the local repository context.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by accepting user-provided text for agent metadata and purpose and writing it into markdown files.
    1. Ingestion points: Agent name, description, and purpose inputs defined in the SKILL.md.
    2. Boundary markers: No explicit delimiters or instructions are used to separate user-provided content from the file structure.
    3. Capability inventory: The skill uses Write, Edit, and Bash tools to modify files in the repository.
    4. Sanitization: The procedure includes YAML syntax validation but lacks semantic sanitization of the provided text.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 07:14 AM
Security Audit — agent-trust-hub — create-agent