skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION] (SAFE): The
package_skill.shscript includes a robust exclusion list (EXCLUDE_PATTERNS) that prevents the accidental inclusion of sensitive files like.env,.pem,id_rsa, andcredentialsin distributed zip files. - [COMMAND_EXECUTION] (SAFE): All scripts (
init_skill.sh,validate_skill.sh,package_skill.sh) utilize standard system utilities such asawk,sed,zip, andfindfor local file operations. The scripts perform directory existence checks and regex-based name validation to prevent path traversal or unintended file creation. - [PROMPT_INJECTION] (SAFE): The content is purely instructional and metadata-focused. It contains no instructions directed at the agent to ignore safety protocols or override its core identity.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill does not fetch external code or dependencies at runtime; it operates entirely with local templates and system commands.
- [OBFUSCATION] (SAFE): The code and documentation are transparent and well-commented, with no evidence of encoding or hidden characters intended to deceive analysis.
Audit Metadata