skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [SAFE] (SAFE): No malicious patterns detected. The scripts perform routine local filesystem operations and string validation using built-in Python modules ('zipfile', 'pathlib', 're'). No indicators of prompt injection, remote code execution, or unauthorized network activity were found.\n- [Indirect Prompt Injection] (INFO): Mandatory Evidence Chain: 1. Ingestion points: Entire content of 'skill_path' directory processed in 'package_skill.py'. 2. Boundary markers: None (inherent to filesystem operations). 3. Capability inventory: 'zipfile.write' (read/write access to local files for archiving). 4. Sanitization: 'quick_validate.py' provides basic schema validation for 'SKILL.md' metadata. Severity: INFO. The script acts as a passive packaging utility and does not interpret, execute, or interpolate the content into prompts.
Audit Metadata