skill-builder
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill utilizes the Bash tool to execute a suite of local Python scripts (e.g.,
validate_yaml.py,bulk_validate.py,interactive_editor.py) for skill management. This is necessary for the skill's primary function as a development wizard. - [PROMPT_INJECTION] (LOW): The skill acts as an ingestion surface for Indirect Prompt Injection (Category 8).
- Ingestion points: User input collected via
AskUserQuestion(e.g., skill name, description, author). - Boundary markers: Absent in the
minimal-starter.mdtemplate used for scaffolding. - Capability inventory: Uses the
Writetool to generate persistent files and theBashtool to execute validation logic. - Sanitization: No explicit sanitization or escaping of user-provided metadata is performed before writing the generated SKILL.md file.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill does not perform any network operations or download code from external sources; all executed scripts are local to the skill directory or environment hooks.
Audit Metadata