Skills
skills/popup-studio-ai/bkit-claude-code/skill-create/Gen Agent Trust Hub

skill-create

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands via the Bash tool to scan the project directory and identify technology stacks and patterns.
  • [INDIRECT_PROMPT_INJECTION]: The skill derives instructions for newly generated skills from project-local data, which could be influenced by malicious content in the scanned files.
  • Ingestion points: The skill reads CLAUDE.md, .bkit/btw-suggestions.json, and various project source files.
  • Boundary markers: No specific delimiters or safety instructions are used to isolate untrusted content during the skill generation process.
  • Capability inventory: The skill leverages Bash, Write, and Edit tools to perform its analysis and file creation.
  • Sanitization: File content ingested during analysis is not sanitized before being incorporated into generated skill instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 15, 2026, 10:30 AM
Security Audit — agent-trust-hub — skill-create