skill-creator
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a Python script using arguments derived from user input. Specifically, the instruction
python scripts/validate-metadata.py --name "[name]" --description "[description]"inSKILL.mdinterpolates unvalidated strings directly into a command line. - Ingestion points: User-provided
nameanddescriptionvariables are ingested inSKILL.md(Step 1.3). - Boundary markers: Absent. Although double quotes are used in the instruction, they are insufficient to prevent shell expansion (e.g.,
$(...)or`...`) or command chaining in many shell environments if the agent invokes the command through a shell. - Capability inventory: Execution of a local Python script (
scripts/validate-metadata.py) via the system command line, as described inSKILL.md. - Sanitization: Absent. The instructions do not command the agent to escape or sanitize shell-sensitive characters from the user-provided metadata before passing them to the script.
- [PROMPT_INJECTION]: The skill configuration presents an indirect prompt injection surface. A malicious user providing a crafted
descriptioncontaining shell metacharacters or embedded instructions could attempt to escape the intended command context to execute arbitrary shell commands or manipulate the agent's internal state during the validation phase.
Audit Metadata