create-skill

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill utilizes a self-testing protocol in Step 5 where it instructs the agent to simulate a stateless environment ("pretend you are a different AI session with no memory of this conversation"). This is used for internal verification of the generated skill's autonomy and is not an attempt to bypass system safety filters.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted data to generate new instructions:
      • Ingestion points: User descriptions of manual workflows (Step 1) and existing project files used as test targets (Step 5).
      • Boundary markers: Absent; the skill does not specify the use of delimiters when reading external project files for verification.
      • Capability inventory: The skill has file system access to create directories and write SKILL.md files, as well as modify project configuration (CLAUDE.md and .claude/harness.json).
      • Sanitization: Absent; instructions are generated based on the raw analysis of input patterns.
  • [COMMAND_EXECUTION]: The skill performs localized file system operations to manage its own lifecycle, including creating the skill directory structure and updating registration manifests in .claude/harness.json.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 10:49 AM
Security Audit — agent-trust-hub — create-skill