skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No malicious patterns or security vulnerabilities detected. The scripts perform intended utility functions safely.
- DATA_EXPOSURE (LOW): The packaging script recursively zips a directory. Users should verify no sensitive files are in the target directory before use.
- INDIRECT_PROMPT_INJECTION (LOW): The validation script processes external SKILL.md files. Evidence: 1. Ingestion point: scripts/quick_validate.py reads SKILL.md. 2. Boundary markers: YAML frontmatter delimiters. 3. Capability: Local file system read and ZIP creation. 4. Sanitization: Employs yaml.safe_load() to prevent code execution during parsing.
Audit Metadata