skill-creator
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes Python scripts (scripts/init_skill.py, scripts/package_skill.py) that manage the file system by creating directories, writing template files, and generating ZIP archives. This functionality is the primary purpose of the skill and is implemented using standard libraries.
- [DATA_EXFILTRATION]: While the packaging script reads local files to create archives, it lacks network access and performs validation to ensure it only operates on intended skill directories, minimizing the risk of unauthorized data access.
- [PROMPT_INJECTION]: The skill's role in generating instructions for other agents creates a surface for indirect prompt injection.
- Ingestion points: User-supplied skill names and paths in scripts/init_skill.py.
- Boundary markers: Not present in the generated templates.
- Capability inventory: File system writes and executable script generation in scripts/init_skill.py; directory archiving in scripts/package_skill.py.
- Sanitization: Basic regex validation for skill names and description content is provided in scripts/quick_validate.py.
Audit Metadata