create-agent
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No critical security vulnerabilities or malicious patterns were detected in the skill instructions or tool configurations.
- [COMMAND_EXECUTION]: The skill utilizes restricted Bash commands to list and read files from ~/.self-driving-agents/. This access is scoped to specific data directories intended for agent knowledge seeding.
- [DATA_EXPOSURE]: The skill is designed to ingest local file contents into the Hindsight memory system. This is an intentional data-handling practice for creating context-aware agents and does not involve exfiltration to untrusted external domains.
- [PROMPT_INJECTION]: The instructions for the generated subagent include a directive to perform memory-page creation silently. While this reduces user oversight for memory updates, it is a common design pattern for background memory management in the Hindsight ecosystem.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by interpolating unverified user input and file content into the generated agent configuration file.
- Ingestion points: Files retrieved from ~/.self-driving-agents/ and user-provided description text.
- Boundary markers: No delimiters or safety instructions are used to isolate external content from the subagent's system instructions.
- Capability inventory: The created subagents possess the ability to create, update, and recall information from long-term memory via Hindsight tools.
- Sanitization: User-provided strings and file contents are used directly without sanitization.
Audit Metadata