skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [PRIVILEGE_ESCALATION]: The scripts/init_skill.py script applies executable permissions (chmod 755) to a generated template script (example.py). This is an expected operation for a tool designed to initialize development environments.
- [INDIRECT_PROMPT_INJECTION]: The skill processes user-provided inputs and local directory structures. 1. Ingestion points: scripts/init_skill.py (command-line arguments) and scripts/package_skill.py (local file system traversal). 2. Boundary markers: Not explicitly used as the tool operates within a trusted local environment. 3. Capability inventory: File system writes, ZIP archive creation, and metadata validation. 4. Sanitization: scripts/quick_validate.py enforces hyphen-case naming conventions and filters for specific characters in descriptions.
- [DYNAMIC_EXECUTION]: The scripts/init_skill.py script generates Python source code based on static internal templates. This generation is a core functional requirement of the skill and does not incorporate untrusted external logic.
Audit Metadata