skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The script package_skill.py correctly uses the pathlib and zipfile modules to resolve paths and create archives, ensuring file operations are contained and do not involve shell injection vulnerabilities.
- [SAFE] (SAFE): In quick_validate.py, the use of yaml.safe_load() is a critical security measure that prevents arbitrary object instantiation and code execution when parsing SKILL.md files.
- [SAFE] (SAFE): The validation process enforces strict schema constraints on skill metadata, including name formatting via regular expressions and length limits, which helps prevent metadata poisoning or injection in downstream systems.