create-hook

Warn

Audited by Gen Agent Trust Hub on May 24, 2026

Risk Level: MEDIUM [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/scaffold.py script contains a code generation vulnerability in the create_skill function. It uses Python's .format() method to interpolate the user-provided description argument directly into the execute.py.jinja template. Because there is no sanitization on this input, an attacker can provide a description that breaks out of the string literal in the generated Python script to execute arbitrary commands.
  • [PROMPT_INJECTION]: The create_sub_agent and create_command functions in scripts/scaffold.py interpolate the unsanitized description field into Markdown-based agent and command templates. This enables instruction injection into the generated artifacts, which could be used to manipulate the behavior of sub-agents or slash commands created by the tool.
  • [COMMAND_EXECUTION]: The skill instructions in SKILL.md direct the agent to execute the scaffold.py script using the Bash tool. While the specific example provided for create-hook is safer due to JSON serialization, the inclusion of the broader, vulnerable scaffolding logic within the skill's package poses a risk if the agent is tasked with creating other resource types using the same tool.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 24, 2026, 08:28 AM