skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious patterns or security vulnerabilities were identified in the provided files.
- [COMMAND_EXECUTION] (SAFE): The scripts
package_skill.pyandquick_validate.pyperform file system operations (reading, writing, and zipping) restricted to the local directory provided by the user. No arbitrary command execution or shell injection points exist. - [DATA_EXFILTRATION] (SAFE): No network-enabled code (curl, requests, etc.) or hardcoded credentials were found in any of the scripts or documentation.
- [DYNAMIC_EXECUTION] (SAFE): The validation script uses
yaml.safe_load()to parse frontmatter, which is the secure way to load YAML data without risking arbitrary code execution. - [PROMPT_INJECTION] (SAFE): The documentation files (
output-patterns.md,workflows.md) contain templates and structural advice for skill developers. They do not contain instructions that would override agent safety filters or system instructions.
Audit Metadata