skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides utility scripts
scripts/init_skill.pyandscripts/package_skill.pyintended for use by the agent. These scripts perform standard file system operations such as directory creation, template writing, and ZIP archive generation to support the skill development workflow. - [COMMAND_EXECUTION]:
scripts/init_skill.pyapplies executable permissions (chmod 0o755) to a generated placeholder script, which is a standard procedure for creating executable utilities. - [SAFE]:
scripts/quick_validate.pyutilizesyaml.safe_load()for parsing frontmatter, which correctly prevents unsafe deserialization vulnerabilities. - [SAFE]: The validation logic in
scripts/quick_validate.pyincludes regex checks for naming conventions and length constraints on metadata fields, effectively sanitizing inputs that are used in file path construction or interpolated into templates. - [SAFE]: No evidence of prompt injection, data exfiltration, or obfuscated code was found across the analyzed files. All external logic is transparent and aligned with the skill's stated purpose.
Audit Metadata