skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions were found that attempt to override agent behavior or bypass safety guidelines.
- Data Exposure & Exfiltration (SAFE): No access to sensitive file paths (~/.ssh, ~/.aws) or unauthorized network operations were detected. The scripts only interact with the local skill directory provided by the user.
- Obfuscation (SAFE): No Base64, zero-width characters, or other encoding techniques were found in the scripts or documentation.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The scripts use standard Python libraries. While they depend on PyYAML, they use yaml.safe_load(), which is a security best practice for parsing untrusted YAML data.
- Privilege Escalation (SAFE): No commands requiring elevated privileges (e.g., sudo, chmod 777) or modifications to system directories were identified.
- Persistence Mechanisms (SAFE): No attempts to create cron jobs, modify shell profiles, or establish startup persistence were found.
- Dynamic Execution (SAFE): The scripts do not use eval(), exec(), or any form of runtime code generation or compilation.
Audit Metadata