skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- Category 4: Unverifiable Dependencies & Remote Code Execution (SAFE): The scripts use standard Python libraries (zipfile, pathlib, re, yaml). The use of yaml.safe_load() in quick_validate.py follows security best practices for parsing YAML data.
- Category 10: Dynamic Execution (SAFE): No dynamic code execution, such as eval() or exec(), is present in the provided scripts.
- Category 2: Data Exposure & Exfiltration (SAFE): The scripts perform local file system operations (reading metadata and writing a zip file) which are appropriate for a packaging utility. No network operations or credential exposures were detected.
- Category 1: Prompt Injection (SAFE): The documentation files (output-patterns.md, workflows.md) contain examples of instructions for AI agents, but they do not contain any malicious override or bypass attempts.
Audit Metadata