skill-creator
Fail
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: CRITICAL
Full Analysis
- [COMMAND_EXECUTION]: The scripts
init_skill.pyandpackage_skill.pyperform local file system operations, including creating directories (mkdir), writing files (write_text), and archiving files into zip format (zipfile). These operations are consistent with the skill's stated purpose of initializing and packaging development projects and are conducted using standard, safe practices. - [EXTERNAL_DOWNLOADS]: The skill does not perform any network requests or external downloads. All operations are local to the user's environment.
- [REMOTE_CODE_EXECUTION]: No patterns for remote code execution or dynamic execution of untrusted input were found. The scripts generate boilerplate template code but do not execute it during the creation process.
- [PROMPT_INJECTION]: The documentation provides structural guidance and templates for agent instructions. It does not contain any patterns intended to bypass safety filters, override system prompts, or exfiltrate internal configuration.
- [SAFE]: The Python code follows security best practices, such as using
yaml.safe_load()inquick_validate.pyto prevent unsafe deserialization and usingpathlibfor robust path handling.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata