agent-creator
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface due to its primary design: expanding user-provided one-liners into detailed system prompts (personas) for new subagents.
- Ingestion points: User descriptions and requirements for a new agent's purpose and persona are collected in Step 1 and expanded in Step 2 to form the identity of the generated subagent.
- Boundary markers: The skill proactively includes a mandatory "Prompt Defense Baseline" in the header of the generated agent files (Step 5) to mitigate risks of the subagent being compromised by adversarial inputs.
- Capability inventory: Generated subagents are configured with file-system tools like Read, Grep, and Glob, and can be granted Bash access if requested by the user, providing a potential pathway for malicious actions if the generated prompt is compromised.
- Sanitization: The skill enforces strict regex validation (^[a-z0-9]+(-[a-z0-9]+)*$) for agent and plugin names to prevent directory traversal or command injection in paths, but it does not perform semantic validation or sanitization on the user-provided persona descriptions.