skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- [SAFE] (SAFE): The quick_validate.py script uses yaml.safe_load(), which is the secure way to parse YAML and prevents arbitrary code execution during deserialization.
- [SAFE] (SAFE): The scripts perform validation on skill metadata (name and description), including length checks and character restrictions, reducing the risk of filesystem issues or metadata-based injection.
- [SAFE] (SAFE): The package_skill.py script uses standard library functions to create ZIP archives and does not exhibit any command injection or privilege escalation vulnerabilities.
Audit Metadata