skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): The scripts consist of benign utility functions for local development workflows. No malicious patterns or threat vectors were identified.
- Data Exposure (SAFE): File operations are restricted to the directory specified by the user. While the script packages the contents of the target directory into a ZIP archive, it does not exfiltrate data to the network or access sensitive system paths outside of the user-provided input.
- Metadata Validation (SAFE): The
quick_validate.pyscript implements basic security hygiene, such as preventing angle brackets in descriptions to mitigate potential cross-site scripting (XSS) or injection issues in downstream display systems. - Indirect Prompt Injection (SAFE): Although the scripts process external
SKILL.mdfiles, the processing is limited to structural and format validation. The content of the file does not influence the script's control flow or interact with an LLM in a way that introduces injection risks.
Audit Metadata