generate-agent-skills
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a legitimate developer workflow for project scaffolding. It uses local Python scripts to automate repetitive tasks like directory creation and template generation.
- [COMMAND_EXECUTION]: The scaffolding script (
scripts/scaffold_skill.py) executes a localgitcommand (git rev-parse --show-toplevel) to identify the repository root. This is a standard and safe operation used to ensure the skill is created in the correct location within a repository. - [SAFE]: Critical inputs, such as skill names, are validated against strict regular expressions (
^[a-z0-9][a-z0-9-]*[a-z0-9]$) to prevent directory traversal or other file system misuse. - [SAFE]: The skill includes comprehensive security guidelines for developers in
references/BEST_PRACTICES.md, encouraging the use of sandboxing and tool allowlisting for any skills created using this framework.
Audit Metadata