skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- REMOTE_CODE_EXECUTION (SAFE): The `quick_validate.py` script uses `yaml.safe_load()` to process skill metadata. This prevents YAML deserialization attacks, where a malicious YAML file could trigger the construction and execution of arbitrary Python objects.
- DATA_EXFILTRATION (SAFE): The scripts perform local file operations (reading and zipping files) within the user-specified directory. There are no network calls or attempts to access sensitive system files such as SSH keys or environment variables.
- COMMAND_EXECUTION (SAFE): While the scripts are designed to be run via a CLI, they do not use `os.system` or `subprocess` to execute untrusted strings. The logic is restricted to standard Python file system and zip library operations.
- PROMPT_INJECTION (SAFE): The markdown documentation files provide templates for output and workflow patterns. These are meta-instructions for developers and do not contain patterns designed to bypass AI safety filters or leak system prompts.
Audit Metadata