skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No security threats detected. The scripts function as intended for local development workflows.
- [COMMAND_EXECUTION] (SAFE): The code uses standard library modules (
pathlib,zipfile,sys) for filesystem operations. There are no calls tosubprocess.run,os.system, orevalthat would allow arbitrary command execution. - [EXTERNAL_DOWNLOADS] (SAFE): The scripts do not contain any network-related code (e.g.,
requests,urllib,curl) and do not attempt to download external resources. - [DATA_EXFILTRATION] (SAFE): The file operations are restricted to the provided skill path and a specified output directory. No sensitive system paths (e.g.,
~/.ssh,.env) are accessed, and no data is transmitted externally. - [CREDENTIALS_UNSAFE] (SAFE): No hardcoded API keys, tokens, or passwords were found in the scripts.
Audit Metadata