skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The scripts `package_skill.py` and `quick_validate.py` involve standard file system interactions like directory walking and zip file creation. These actions are consistent with the scripts' purposes as packaging and validation tools.
- [REMOTE_CODE_EXECUTION] (SAFE): There are no instances of remote script fetching (e.g., via curl or wget) or execution of untrusted code from external sources.
- [DATA_EXFILTRATION] (SAFE): While the packaging script reads files to create a zip archive, it does not target sensitive system paths (like ~/.ssh) nor does it attempt to transmit data over the network.
- [PROMPT_INJECTION] (SAFE): The markdown files contain examples of how to structure AI prompts and workflows. These are provided as educational templates for developers and do not contain instructions meant to bypass the security filters of the agent analyzing the files.
- [DYNAMIC_EXECUTION] (SAFE): The validation script uses `yaml.safe_load()` to parse frontmatter, which is a best practice that prevents arbitrary code execution during YAML parsing.
Audit Metadata