skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a legitimate developer workflow for creating and managing agent skills. The included Python scripts (
init_skill.py,package_skill.py,quick_validate.py) perform local file and directory operations restricted to the user-specified paths. - [SAFE]: Data processing is handled securely. Specifically,
quick_validate.pyusesyaml.safe_load()to parse YAML metadata, which is the recommended practice to prevent arbitrary code execution during deserialization. - [SAFE]: No unauthorized network operations, data exfiltration attempts, or hardcoded credentials were detected. The scripts do not download or execute external code from remote sources.
- [SAFE]: The skill uses
pathlib.Path.resolve()when handling file paths, which helps ensure that file operations remain within the intended directory structure.
Audit Metadata