skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The scripts `package_skill.py` and `quick_validate.py` perform local file system operations such as reading files, creating directories, and generating zip archives. They do not execute arbitrary shell commands or call external processes.
- DATA_EXFILTRATION (SAFE): There are no network operations, hardcoded credentials, or patterns suggesting the unauthorized transmission of data.
- REMOTE_CODE_EXECUTION (SAFE): No remote code downloads or dynamic execution patterns were detected. The scripts use `yaml.safe_load()` for parsing configuration files, which is a secure practice that prevents code execution during deserialization.
- PROMPT_INJECTION (SAFE): The documentation files (`output-patterns.md`, `workflows.md`) provide structural templates for skill output and logic but do not contain instructions that attempt to bypass AI safety guardrails.
Audit Metadata