skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes utility scripts (
init_skill.py,package_skill.py) designed to manage the local filesystem. These scripts perform actions such as creating directories, writing template files, and archiving files into ZIP format (.skill files). These operations are essential for the skill's purpose and do not appear to be exploitable for unauthorized access. - [SAFE]: The validation script (
quick_validate.py) utilizesyaml.safe_load()to parse YAML frontmatter. This is a security best practice that prevents the execution of arbitrary code during the parsing of potentially untrusted configuration data. - [SAFE]: Input sanitization is implemented in
init_skill.pyvia thenormalize_skill_namefunction, which uses regular expressions to ensure skill names only contain alphanumeric characters and hyphens, mitigating potential path traversal or filesystem injection risks. - [SAFE]: No evidence of network communication, data exfiltration, or remote code execution from untrusted sources was found. The scripts rely on standard Python libraries for their functionality.
Audit Metadata