skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The Python scripts
package_skill.pyandquick_validate.pyperform local file system operations using standard libraries (pathlib,zipfile,re). These operations are restricted to validating skill structure and creating ZIP archives. - DATA_EXFILTRATION (SAFE): The packaging utility reads local files to create an archive, but it contains no network communication code (e.g.,
requests,urllib,socket) and does not transmit data to external servers. - EXTERNAL_DOWNLOADS (SAFE): The scripts do not download or execute any remote content. All dependencies are standard Python libraries, and no package manager calls (
pip,npm) are performed. - PROMPT_INJECTION (SAFE): No malicious instructions or bypass attempts were found in the
SKILL.md(implied structure) or the sanitization checklist documentation. - REMOTE_CODE_EXECUTION (SAFE): There are no instances of
eval(),exec(), or subprocess calls that handle untrusted input. The scripts are straightforward utility tools.
Audit Metadata