skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The content consists of instructional documentation for skill developers. No attempts to override agent behavior or bypass safety filters were found.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths (e.g., .ssh, .env), or suspicious network requests were identified.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): No remote scripts are downloaded or executed. The guides refer to local script execution which is standard for the described framework.
- [Dynamic Execution] (SAFE): The 'skill-validation-guide.md' includes a Python snippet for validating YAML frontmatter. This snippet uses 'yaml.safe_load()', which is the recommended secure method for parsing YAML and prevents arbitrary code execution.
- [Indirect Prompt Injection] (LOW): The documentation provides examples for skills that process external data such as PDFs and Word documents. This introduces a theoretical attack surface for indirect prompt injection if the resulting skills do not implement proper sanitization.
- Ingestion points: Skills created following these guides may ingest data via scripts like 'analyze_form.py'.
- Boundary markers: The templates do not explicitly mandate delimiters for untrusted data.
- Capability inventory: The guides suggest capabilities like file reading and writing.
- Sanitization: No explicit sanitization requirements are provided in the templates.
Audit Metadata