skill-writer
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a developer-focused tool for authoring agent skills. It demonstrates strong security awareness by providing guidelines on portability and instruction safety.
- [DATA_EXFILTRATION]: The skill includes a Python script (`scripts/quick_validate.py`) that acts as a defensive measure. It uses regular expressions to scan for machine-specific absolute file paths (e.g., paths starting with `/Users/` or `/home/`) to prevent developers from accidentally including sensitive local environment details in their skills.
- [COMMAND_EXECUTION]: The skill leverages local command execution via `uv run` to facilitate validation and testing workflows. It provides clear documentation for script interfaces and dependencies using PEP 723 metadata, ensuring predictable and transparent execution.
- [PROMPT_INJECTION]: While the skill involves synthesizing information from external sources (Category 8: Indirect Prompt Injection), it addresses this risk by instructing the agent in `references/synthesis-path.md` to treat all external content as untrusted data and mandates the use of depth gates and validation scripts before finalizing any generated content.
Audit Metadata