The Agent Skills Directory

[SAFE]: The skill acts as a development framework. A review of the instructions and scripts confirms the functionality is consistent with its stated purpose of assisting in skill creation.\n- [COMMAND_EXECUTION]: The Python scripts scripts/init_skill.py and scripts/package_skill.py manage local file system operations (creating directories, writing text files, and zipping content). These operations do not trigger external commands or process untrusted executable code.\n- [DATA_EXFILTRATION]: There are no network calls or attempts to access sensitive system files. The scope of file access is limited to the user-specified skill directory.\n- [PROMPT_INJECTION]: The init_skill.py script uses template formatting to insert user-provided skill names into generated files. While this creates a potential injection surface if an attacker provides a crafted skill name, the impact is low as the tool is intended for a controlled development environment and includes a validation script to check naming conventions.

skill-creator