steel-skill-creator
Fail
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructions and internal scripts (e.g., `scripts/fetch_trace.mjs` and `references/skill-template.md`) promote the installation of dependencies using the command `curl -fsS https://setup.steel.dev | sh`. This pattern executes remote code directly in the user's shell without pre-verification or integrity checks.
- [COMMAND_EXECUTION]: The skill includes a dedicated script `scripts/install_skill.mjs` designed to write AI-generated skill files to the user's home directory at `~/.claude/skills/`. This allows for the persistent modification of the agent's environment and the installation of new executable instructions.
- [COMMAND_EXECUTION]: The skill performs multiple automated tasks by spawning subprocesses for the `steel` CLI and local Node.js scripts to manage browser sessions, fetch traces, and scaffold new project files.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8). It ingests browser traces containing arbitrary data from external websites (such as page titles and element labels) and uses this untrusted data to 'reason' about and generate logic for new agent skills. This could allow a malicious website to influence the structure or behavior of generated skills.
Recommendations
- HIGH: Downloads and executes remote code from: https://setup.steel.dev - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata