skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The script scripts/package_skill.py performs file system operations (reading, writing, and zipping) using standard Python libraries like pathlib and zipfile. These operations are local to the user-specified directory and do not involve shell execution of untrusted input.
- [REMOTE_CODE_EXECUTION] (SAFE): No remote code execution patterns, external downloads, or network requests were found in any of the scripts.
- [DATA_EXFILTRATION] (SAFE): The skill does not access sensitive files (e.g., SSH keys, credentials) or perform network operations. It strictly manages skill metadata and packaging.
- [PROMPT_INJECTION] (SAFE): The documentation files (references/output-patterns.md, references/workflows.md) contain instructional templates but do not include patterns designed to bypass AI safety guardrails or override system instructions.
- [DYNAMIC_EXECUTION] (SAFE): The scripts/quick_validate.py script uses yaml.safe_load() to parse frontmatter, which is the recommended secure way to handle YAML data.
Audit Metadata