building-claude-code-skills
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The provided files are purely instructional and structural templates. They do not contain an executable SKILL.md or any active logic that could be exploited.
- [COMMAND_EXECUTION] (SAFE): While the documentation provides numerous examples of CLI commands (using `gh`, `aws`, `git`, `jq`, etc.), these are standard administrative patterns used for demonstration. No dangerous command injections or arbitrary code execution vulnerabilities are present.
- [EXTERNAL_DOWNLOADS] (SAFE): Code snippets illustrate the use of `requests` (Python) and `fetch` (Node.js) to interact with APIs, but they use placeholder URLs (e.g., `api.example.com`). The mention of `npm install` is within the context of developer guidance for environment setup.
- [PROMPT_INJECTION] (SAFE): The documentation explicitly advises against dangerous practices (like using XML tags in metadata) and provides safe naming conventions and descriptive patterns for agent invocation.
- [DATA_EXFILTRATION] (SAFE): There are no hardcoded credentials, sensitive file paths, or network exfiltration patterns. Examples use generic bucket names and public API endpoints.