create-skill

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a meta-utility for scaffolding and reviewing other skills. It contains no malicious code or instructions and adheres to the platform's documented best practices.
  • [SAFE]: The skill uses the Agent tool in Step 5 to spawn a subagent for reviewing generated content. This follows the platform's recommended pattern for workflow automation and includes explicit model configuration to ensure reliable execution.
  • [SAFE]: Indirect Prompt Injection Surface. The skill ingests user-provided examples and documentation to generate new skill content. While this creates a data ingestion surface, the risk is minimal as the process is transparent and intended for user-directed file creation.
      • Ingestion points: Step 1 and Step 4 in SKILL.md.
      • Boundary markers: Absent.
      • Capability inventory: Agent tool, TaskCreate tool, and shell script execution.
      • Sanitization: Absent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 11, 2026, 05:59 PM