skill-creator

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [DYNAMIC_EXECUTION] (SAFE): The validation script correctly uses yaml.safe_load() in scripts/quick_validate.py to parse metadata, which prevents arbitrary code execution during the ingestion of external skill configurations.
  • [DATA_EXFILTRATION] (SAFE): No unauthorized network activity or access to sensitive local credentials (e.g., SSH, AWS keys) was detected. The packaging script scripts/package_skill.py performs standard local filesystem operations to create zip archives.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill includes logic to process external data (SKILL.md files). While this is an ingestion surface, the implementation in scripts/quick_validate.py includes robust sanitization, such as character filtering (disallowing angle brackets in descriptions) and strict length/format validation for all fields.
  • [COMMAND_EXECUTION] (SAFE): No use of dangerous functions like os.system() or subprocess.run() with untrusted input was found. The scripts use high-level, safe APIs for file management.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:42 PM