skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes Python scripts (
init_skill.py,package_skill.py) that perform local file system operations, such as creating directories, writing template files, and zipping skill folders. These operations are restricted to the local environment and are appropriate for the skill's purpose as a developer tool. - [SAFE]: The
quick_validate.pyscript correctly usesyaml.safe_load()to parse YAML frontmatter in skill metadata, which prevents potential arbitrary code execution vulnerabilities during the parsing process. - [SAFE]: The skill implements strict input validation using regular expressions for skill names and character limits for descriptions, ensuring that generated files and metadata follow safe naming conventions and mitigating basic injection risks.
Audit Metadata