skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Standard Utilities (SAFE): The scripts
init_skill.py,package_skill.py, andquick_validate.pyperform routine development tasks like directory creation, file writing, and ZIP archiving. No suspicious command execution or privilege escalation attempts were found. - Data Handling (SAFE): No hardcoded credentials, sensitive file access, or network exfiltration patterns were detected. All file operations are restricted to the provided paths for skill creation.
- Dynamic Execution (SAFE): The skill uses
yaml.safe_load()in bothpackage_skill.pyandquick_validate.pyto parse metadata. This is a security best practice that prevents arbitrary code execution during YAML deserialization. - Remote Code Execution (SAFE): There are no patterns involving external downloads (curl/wget), piped execution, or remote script sourcing. All logic is contained within the local skill bundle.
Audit Metadata