skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): Secure YAML Parsing. The validation script uses yaml.safe_load() in scripts/quick_validate.py to parse skill metadata, which prevents arbitrary code execution vulnerabilities associated with unsafe YAML loading. \n- [SAFE] (SAFE): Input Validation and Sanitization. scripts/quick_validate.py implements robust validation, including regex checks for hyphen-case naming conventions, character filtering for angle brackets in descriptions, and strict length constraints for metadata fields. \n- [SAFE] (SAFE): Secure File Operations. The packaging script scripts/package_skill.py utilizes the standard zipfile library and pathlib for file system interactions, avoiding risky shell command executions or unsafe path concatenations.
Audit Metadata