skill-creator
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to audit, review, and clean up existing skill files or SKILL.md content, which creates a surface for indirect prompt injection.\n
- Ingestion points: User-provided skill files or directory contents used for auditing or improvement tasks.\n
- Boundary markers: None; the instructions do not define or use specific delimiters to isolate external skill content from the agent's logic.\n
- Capability inventory: The skill utilizes scripts that can read, write, and package files, and modify file system permissions.\n
- Sanitization: Scripts include path normalization and name sanitization, but do not perform semantic sanitization of the analyzed instruction content.\n- [COMMAND_EXECUTION]: The skill provides and executes local Python scripts that interact with the host file system and modify file settings.\n
- scripts/init_skill.py: Creates project directories and sets execution bits (chmod 0o755) on newly generated template scripts.\n
- scripts/package_skill.py: Performs directory scanning and creates zip archives, though it implements security checks to prevent symlink inclusion and path traversal.
Audit Metadata