skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [PROMPT_INJECTION] (SAFE): No instruction-based content or prompt templates are present in the scripts.
- [DATA_EXFILTRATION] (SAFE): The scripts read from the local filesystem to create archives. No network requests or unauthorized data access patterns were detected.
- [REMOTE_CODE_EXECUTION] (SAFE): No remote code downloads or execution patterns (like curl-to-bash) are present.
- [COMMAND_EXECUTION] (SAFE): The scripts do not use subprocesses or shell commands to execute external programs.
- [DYNAMIC_EXECUTION] (SAFE): The script correctly uses
yaml.safe_load()to process the SKILL.md frontmatter, which prevents unsafe deserialization attacks. Noeval()orexec()calls are used.
Audit Metadata