skill-builder

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE] (SAFE): The skill's instructions and reference documentation were analyzed for malicious intent and found to be secure. The content focuses exclusively on providing a structured framework for skill authoring.
  • [COMMAND_EXECUTION] (SAFE): The documentation contains examples of standard shell commands (e.g., wc, ls, grep, find) used for local file validation. These are benign and appropriate for a development-focused utility.
  • [REMOTE_CODE_EXECUTION] (SAFE): The skill provides standards and examples for Python and TypeScript scripts, including the use of modern runners like uv and tsx. These are presented as guidelines for deterministic automation and do not include any patterns for executing untrusted remote code.
  • [Indirect Prompt Injection] (SAFE): While the skill ingests user requirements and research data to generate new skills (creating an injection surface), it mitigates this through the use of rigid, structured templates (${placeholder} syntax) and multi-step validation phases. This surface is inherent to the skill's primary function and is handled safely.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:38 PM