skill-creator
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The SKILL.md documentation provides instructions for executing administrative commands, specifically using sudo to restart system services via systemctl.
- [COMMAND_EXECUTION]: The scripts/init_skill.py script programmatically modifies file system permissions using chmod 755 to make generated scripts executable.
- [CREDENTIALS_UNSAFE]: The skill workflow guides the agent to access sensitive local configuration files, such as .env, to retrieve API keys and environment variables.
- [EXTERNAL_DOWNLOADS]: The instructions recommend using curl to transmit retrieved API credentials to external service endpoints to verify their validity during the setup process.
Audit Metadata