skill-creator
Fail
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: CRITICAL
Full Analysis
- [SAFE]: The skill serves as a development tool for creating and validating other agent skills. No malicious instructions or unsafe data handling were detected.
- [COMMAND_EXECUTION]: The skill includes Python scripts (init_skills.py and quick_validate.py) for local file system management and YAML validation. These scripts use safe APIs like pathlib and do not execute external or unverified code.
- [SAFE]: Metadata validation is performed using yaml.safe_load(), which correctly mitigates risks associated with unsafe YAML deserialization.
- [SAFE]: The alert regarding 'product.md' is identified as a false positive, as it refers to an example filename within the documentation text and not a malicious remote resource.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata