agent-skills-crafter

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill operates by ingesting user-provided requirements to scaffold new agent instructions and scripts, creating a surface for indirect prompt injection.
      • Ingestion points: User prompts requesting the creation, evaluation, or improvement of agent workflows and capabilities as described in SKILL.md.
      • Boundary markers: The documentation lacks guidance on using delimiters or explicit 'ignore embedded instructions' warnings when the agent is processing user-provided domain knowledge.
      • Capability inventory: The skill guides the agent to create and execute scripts via uv run and npx, as detailed in references/scripts.md and assets/skill_template.md.
      • Sanitization: No specific sanitization or validation logic is prescribed for filtering user-provided requirements before they are incorporated into generated skill files.
  • [EXTERNAL_DOWNLOADS]: The documentation encourages the use of external package managers to resolve script dependencies.
      • Evidence: The skill recommends using uv add, uv run, and npx for dependency management and execution in references/scripts.md and assets/skill_template.md.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 06:28 AM