skill-creator
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides local Python utility scripts (
scripts/init_skill.py,scripts/package_skill.py,scripts/quick_validate.py) for the agent to execute. These scripts manage the creation of directories, writing of template files, and zipping of skill packages on the local filesystem. These actions are strictly aligned with the skill's primary purpose as a development tool. - [SAFE]: The validation logic in
scripts/quick_validate.pycorrectly usesyaml.safe_load()to process user-provided frontmatter, which prevents potential arbitrary code execution via unsafe YAML deserialization. - [SAFE]: Script generation in
scripts/init_skill.pyuses static templates for boilerplate code, ensuring that the generated scripts do not incorporate unvalidated dynamic input that could lead to code injection. - [SAFE]: File system operations use the
pathlibmodule andPath.resolve(), which is a best practice for managing paths securely and preventing simple path traversal attempts.
Audit Metadata