skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected across any threat categories. The skill's primary functions are localized to directory initialization and metadata validation.
- [COMMAND_EXECUTION]: The skill instructions and scripts documentation reference the use of 'uv' for dependency management and script execution. These are standard developer operations consistent with the skill's purpose as a creator tool.
- [EXTERNAL_DOWNLOADS]: The project includes a
pyproject.tomlanduv.lockfile that reference 'pyyaml' from the official Python Package Index (PyPI). This is a well-known, trusted repository for Python packages. - [REMOTE_CODE_EXECUTION]: The script
scripts/validate.pyusesyaml.safe_load()to parse frontmatter, which is the recommended secure practice to prevent arbitrary code execution during YAML parsing.
Audit Metadata