skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes Python scripts (init_skill.py, package_skill.py) designed to automate the creation and distribution of skills. These scripts perform standard file system operations such as directory creation (mkdir), file writing (write_text), and archiving (zipfile). These operations are consistent with the skill's primary function as a developer tool.
- [SAFE]: Security best practices are followed in the validation logic. Specifically, quick_validate.py uses yaml.safe_load() to process skill metadata, protecting against YAML-based code execution vulnerabilities.
- [SAFE]: The skill implements input sanitization in quick_validate.py by enforcing strict naming conventions (hyphen-case only) and prohibiting certain characters (like angle brackets) in metadata descriptions, which helps mitigate potential injection risks.
Audit Metadata