Skills
skills/iofficeai/aionui/skill-creator/Gen Agent Trust Hub

skill-creator

Fail

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: CRITICAL
Full Analysis
  • [SAFE]: The skill provides utility scripts for local development environments. All file system interactions are handled through standard libraries like pathlib and zipfile, and are limited to user-defined directories.
  • [SAFE]: The initialization logic in init_skill.py includes strict regex-based validation for skill names (^[a-z0-9-]+$), which prevents directory traversal and injection attacks during file creation.
  • [SAFE]: The quick_validate.py script uses yaml.safe_load() to process skill configuration files, correctly mitigating the risks associated with untrusted YAML data processing.
  • [SAFE]: Analysis of the markdown documentation and code templates found no evidence of prompt injection, obfuscation, or hardcoded credentials.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 24, 2026, 09:25 PM