Skills
skills/jezweb/claude-skills/skill-creator/Gen Agent Trust Hub

skill-creator

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The initialization tool generates boilerplate files and sets their permissions to be executable by the user.
  • Evidence: The scripts/init_skill.py script applies chmod(0o755) to the newly created scripts/example.py to facilitate direct execution of the template code.
  • [SAFE]: The skill utilizes secure parsing methods for configuration files to prevent arbitrary code execution during validation.
  • Evidence: scripts/quick_validate.py specifically uses yaml.safe_load() to process the YAML frontmatter of skills.
  • [SAFE]: Filesystem interactions are implemented using secure path resolution techniques to mitigate path traversal risks.
  • Evidence: The scripts utilize the pathlib module's resolve() method in scripts/init_skill.py and scripts/package_skill.py when determining target directories for skill creation and packaging.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 26, 2026, 11:58 PM