skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): The documentation files provide templates and examples for output formatting and workflow structures. No instructions were found that attempt to override AI safety constraints or bypass system instructions.
- [Data Exposure & Exfiltration] (SAFE): The scripts interact exclusively with the local filesystem to package skill directories. There are no hardcoded credentials, network requests, or attempts to access sensitive system paths (e.g., ~/.ssh, ~/.aws).
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The scripts do not download or execute remote code. There is no usage of dangerous functions like `os.system` or `subprocess.run` to execute shell commands.
- [Dynamic Execution] (SAFE): The `quick_validate.py` script uses `yaml.safe_load()` to parse frontmatter, which is a secure method that prevents code execution during deserialization. No usage of `eval()` or `exec()` was detected.
- [Indirect Prompt Injection] (LOW): The skill validates external metadata from `SKILL.md` files. This is a potential attack surface, but the risk is mitigated by the use of safe YAML parsing and strict character validation (e.g., blocking angle brackets in descriptions).
Audit Metadata