skill-creator
Fail
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: CRITICAL
Full Analysis
- [SAFE]: The provided scripts (init_skill.py, package_skill.py, quick_validate.py) perform local file system operations consistent with the skill's purpose as a development utility and do not engage in unauthorized network communication.
- [SAFE]: The quick_validate.py script uses yaml.safe_load() to process metadata files, which is a secure practice that prevents arbitrary code execution during YAML deserialization.
- [SAFE]: File and directory operations in the scripts use pathlib.Path.resolve() to correctly handle paths, reducing risks associated with path manipulation and ensuring operations stay within intended directories.
- [SAFE]: The skill documentation and reference files (output-patterns.md, workflows.md) contain instructional material only and do not contain any prompt injection or malicious instructions.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata