skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- Data Exposure & Exfiltration (SAFE): The packaging script reads local files to create a ZIP archive but does not perform any network operations or access sensitive system paths outside the target skill directory.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The scripts use standard Python libraries (pathlib, zipfile, re) and the common PyYAML library. No dynamic code execution (eval/exec) or remote script downloads were found.
- Dynamic Execution (SAFE): quick_validate.py uses yaml.safe_load() to parse frontmatter, preventing unsafe object instantiation during YAML processing.
Audit Metadata