skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as a local development suite. All provided scripts focus on managing the skill lifecycle, including initialization, validation, and packaging without performing suspicious background tasks.
- [COMMAND_EXECUTION]: The scripts init_skill.py and package_skill.py perform file system operations such as creating directories, writing Markdown templates, and archiving files into ZIP format. These operations are essential to the tool's function and are constrained to the local file system.
- [SAFE]: The initialization script uses a normalization function for skill names that employs regular expressions to strip non-alphanumeric characters, effectively preventing path traversal or injection through malformed user input.
- [SAFE]: Frontmatter validation is performed using yaml.safe_load, ensuring that metadata parsing does not lead to unsafe deserialization vulnerabilities.
Audit Metadata