skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill implements validation logic in
quick_validate.pyusingyaml.safe_load(), which prevents arbitrary code execution during the parsing of skill metadata. - [COMMAND_EXECUTION]: The
init_skill.pyscript performs file system operations, including directory creation and writing template files. It sets executable permissions on generated scripts usingchmod. These actions are restricted to the local environment and are standard for development scaffolding tools. - [DATA_EXPOSURE]: Analysis of all scripts and reference files confirmed the absence of hardcoded credentials, API keys, or access to sensitive system directories.
- [EXTERNAL_DOWNLOADS]: The skill does not contain any code that makes network requests or downloads external resources during its operation.
Audit Metadata