skill-creator

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a Python script using arguments derived from user input. Specifically, the instruction python scripts/validate-metadata.py --name "[name]" --description "[description]" in SKILL.md interpolates unvalidated strings directly into a command line.
  • Ingestion points: User-provided name and description variables are ingested in SKILL.md (Step 1.3).
  • Boundary markers: Absent. Although double quotes are used in the instruction, they are insufficient to prevent shell expansion (e.g., $(...) or `...`) or command chaining in many shell environments if the agent invokes the command through a shell.
  • Capability inventory: Execution of a local Python script (scripts/validate-metadata.py) via the system command line, as described in SKILL.md.
  • Sanitization: Absent. The instructions do not command the agent to escape or sanitize shell-sensitive characters from the user-provided metadata before passing them to the script.
  • [PROMPT_INJECTION]: The skill configuration presents an indirect prompt injection surface. A malicious user providing a crafted description containing shell metacharacters or embedded instructions could attempt to escape the intended command context to execute arbitrary shell commands or manipulate the agent's internal state during the validation phase.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 12:46 AM
Security Audit — agent-trust-hub — skill-creator