skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The markdown files contain instructional templates for the agent (e.g., output formatting and workflow steps). These are standard guidance patterns and do not attempt to bypass safety filters or override system instructions.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file paths (like .ssh or .aws) were found. The scripts perform local file system operations (reading SKILL.md and creating a zip file) with no network capabilities detected.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The Python scripts use standard libraries (pathlib, zipfile, re). The only external dependency is PyYAML, which is handled securely using yaml.safe_load() in quick_validate.py. No remote script downloads or piped execution patterns (e.g., curl|bash) are present.
- Obfuscation (SAFE): All scripts and documentation are written in clear, human-readable text. No Base64, zero-width characters, or homoglyph attacks were detected.
- Dynamic Execution (SAFE): The skill does not use eval(), exec(), or any form of runtime code generation or compilation. All function calls are static and local.
Audit Metadata