skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides functional development tools and shows no signs of malicious intent or safety violations across its scripts and documentation.
- [COMMAND_EXECUTION]: The skill includes Python scripts (init_skill.py, package_skill.py, generate_openai_yaml.py) that perform file system management tasks like creating directories and writing template files. These operations are restricted to the local environment and support the skill's primary purpose.
- [PROMPT_INJECTION]: The skill processes user-supplied data to generate skill templates, presenting a surface for indirect prompt injection. 1. Ingestion points: User inputs provided via command-line arguments to init_skill.py. 2. Boundary markers: YAML frontmatter delimiters (---) in generated SKILL.md files. 3. Capability inventory: File and directory creation and modification. 4. Sanitization: Filenames are normalized via regex, and YAML strings are escaped to prevent structural breakage.
Audit Metadata