skill-creator

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill instructs the agent to read and summarize descriptions from existing skill files in the skills/ directory to check for functional overlap. This creates a surface where malicious instructions embedded in those files could be ingested into the agent context. 1. Ingestion points: Step 1 (Discover) in SKILL.md reads and skims files matching skills/*/SKILL.md. 2. Boundary markers: Absent. No specific delimiters or instructions to ignore embedded instructions are provided when reading these external files. 3. Capability inventory: The agent has capabilities to write files to the file system, execute local shell commands via pnpm, and dispatch sub-agents using the /skill-eval tool. 4. Sanitization: Absent. No validation or filtering is performed on the ingested skill descriptions before they are processed by the agent.
  • [COMMAND_EXECUTION]: Local Development Commands. The skill workflow involves executing routine shell commands as part of its core functionality. This includes ls skills/ for repository discovery and pnpm skill-tools lint for automated validation of generated skill files. These commands are typical for a software development utility and are intended for local environment use.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 06:27 PM
Security Audit — agent-trust-hub — skill-creator