skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE: The skill consists of helper scripts and documentation templates intended for skill development and maintenance.
- PROMPT_INJECTION (SAFE): Instructional content in the reference files (output-patterns.md, workflows.md) provides formatting guidance and sequential logic for the agent. These are standard task-specific instructions and do not attempt to bypass safety filters, extract system prompts, or override core safety instructions.
- REMOTE_CODE_EXECUTION (SAFE): Python scripts use standard libraries. The script quick_validate.py correctly uses yaml.safe_load() to parse frontmatter, which is a security best practice that prevents arbitrary code execution during YAML deserialization.
- DATA_EXPOSURE (SAFE): The packaging script package_skill.py reads local files to create a ZIP archive. This behavior is localized to the user-provided directory and does not access sensitive system paths (~/.ssh, etc.) or include network exfiltration capabilities.
Audit Metadata