skill-creator

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to audit, review, and clean up existing skill files or SKILL.md content, which creates a surface for indirect prompt injection.\n
  • Ingestion points: User-provided skill files or directory contents used for auditing or improvement tasks.\n
  • Boundary markers: None; the instructions do not define or use specific delimiters to isolate external skill content from the agent's logic.\n
  • Capability inventory: The skill utilizes scripts that can read, write, and package files, and modify file system permissions.\n
  • Sanitization: Scripts include path normalization and name sanitization, but do not perform semantic sanitization of the analyzed instruction content.\n- [COMMAND_EXECUTION]: The skill provides and executes local Python scripts that interact with the host file system and modify file settings.\n
  • scripts/init_skill.py: Creates project directories and sets execution bits (chmod 0o755) on newly generated template scripts.\n
  • scripts/package_skill.py: Performs directory scanning and creates zip archives, though it implements security checks to prevent symlink inclusion and path traversal.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:07 AM
Security Audit — agent-trust-hub — skill-creator