skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The scripts package_skill.py and quick_validate.py perform standard file operations (reading, writing, and zipping) using built-in libraries without executing external shells or untrusted subprocesses.
- [REMOTE_CODE_EXECUTION] (SAFE): No dynamic code execution (eval/exec) or remote script downloads were detected. The YAML parsing is handled via safe_load to prevent deserialization attacks.
- [PROMPT_INJECTION] (SAFE): The provided markdown documentation includes instructional templates for agent behavior that are benign and do not attempt to override safety protocols or bypass system constraints.
- [DATA_EXFILTRATION] (SAFE): There is no access to sensitive system paths or credentials, and the scripts do not initiate any network connections.
Audit Metadata