skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The script package_skill.py performs local file system operations to create ZIP archives. These operations are limited to the user-specified directories and do not involve shell execution or unsafe command concatenation.
- [DYNAMIC_EXECUTION] (SAFE): The validation script quick_validate.py uses yaml.safe_load() to parse frontmatter, which is the recommended secure method to prevent arbitrary code execution during YAML deserialization.
- [PROMPT_INJECTION] (SAFE): The reference files contain instructional templates for output formatting and workflow management. These are standard task-specific instructions and do not contain patterns designed to bypass AI safety filters or extract system prompts.
- [DATA_EXFILTRATION] (SAFE): No network requests, hardcoded credentials, or access to sensitive system paths (e.g., SSH keys, cloud credentials) were found.
- [EXTERNAL_DOWNLOADS] (SAFE): The scripts do not download or execute any remote content or packages.
Audit Metadata