skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a meta-utility for skill creation, consisting primarily of documentation and local management scripts.
- [COMMAND_EXECUTION]: The skill includes Python scripts (
init_skill.py,package_skill.py) that perform local file system operations.init_skill.pycreates directory structures and template files, usingPath.mkdir()andPath.write_text().package_skill.pyuses thezipfilemodule to aggregate files into a distributable format. These operations are constrained to user-provided paths and align with the skill's primary purpose. - [PRIVILEGE_ESCALATION]: The
init_skill.pyscript applieschmod(0o755)to a newly created example script. While this modifies file permissions to make the script executable, it is a standard and expected behavior for a project initialization tool and is performed only on files created by the tool itself. - [DATA_EXPOSURE]: No hardcoded credentials, API keys, or sensitive file paths were identified. The scripts do not perform any network operations or external data transmissions.
- [REMOTE_CODE_EXECUTION]: No patterns of remote script execution or unsafe dynamic code evaluation were detected. The validation logic in
quick_validate.pyusesyaml.safe_load()to prevent arbitrary code execution during YAML parsing. - [PROMPT_INJECTION]: The instructions in
SKILL.mdand the reference files are strictly instructional and procedural. They do not contain markers intended to bypass agent constraints or safety protocols.
Audit Metadata