skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses a standard iterative development loop (draft, test, evaluate, improve) to help users build other AI agent skills.
- [COMMAND_EXECUTION]: The skill executes local Python scripts (aggregate_benchmark.py, generate_review.py, package_skill.py) and standard system commands (kill, python, nohup). These are used for benchmarking, generating reports, and packaging the final skill.
- [EXTERNAL_DOWNLOADS]: The skill references standard CDNs (Google Fonts, SheetJS via cdn.sheetjs.com) and the Apache 2.0 license. These are well-known, trusted sources for web assets and licensing.
- [PROMPT_INJECTION]: While the skill instructions use pushy language to ensure the agent triggers correctly (e.g., "Make sure to use this skill whenever..."), this is a documented design pattern for skill optimization and does not represent a safety bypass or malicious injection.
- [DATA_EXFILTRATION]: No evidence of data exfiltration was found. Network operations are limited to a local HTTP server for the evaluation viewer and standard CLI interactions.
Audit Metadata