skill-creator
Fail
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: CRITICALCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The
scripts/init_skill.pyscript performs local file system operations, including creating directories and writing files. It also applies execution permissions (chmod +x) to a generated template script. These actions are standard for a development initialization tool and are limited to the local environment.\n- [SAFE]: All scripts useyaml.safe_load()to handle YAML data, which mitigates risks associated with unsafe object deserialization.\n- [SAFE]: No indicators of prompt injection, data exfiltration, or malicious obfuscation were detected.\n- [SAFE]: Automated scan results flagged a malicious URL inproduct.md. Analysis confirms thatproduct.mdis not part of this skill and is only referenced as a placeholder name in the documentation examples. No actual malicious URLs are present in the provided source code or instructions.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata