skill-creator
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill instructs the agent to read and summarize descriptions from existing skill files in the
skills/directory to check for functional overlap. This creates a surface where malicious instructions embedded in those files could be ingested into the agent context. 1. Ingestion points: Step 1 (Discover) inSKILL.mdreads and skims files matchingskills/*/SKILL.md. 2. Boundary markers: Absent. No specific delimiters or instructions to ignore embedded instructions are provided when reading these external files. 3. Capability inventory: The agent has capabilities to write files to the file system, execute local shell commands viapnpm, and dispatch sub-agents using the/skill-evaltool. 4. Sanitization: Absent. No validation or filtering is performed on the ingested skill descriptions before they are processed by the agent. - [COMMAND_EXECUTION]: Local Development Commands. The skill workflow involves executing routine shell commands as part of its core functionality. This includes
ls skills/for repository discovery andpnpm skill-tools lintfor automated validation of generated skill files. These commands are typical for a software development utility and are intended for local environment use.
Audit Metadata