skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No security issues or malicious patterns detected.
- Safe Parsing: The script uses yaml.safe_load() which is a secure method for parsing YAML files and prevents arbitrary code execution vulnerabilities often found in standard load functions.
- Input Validation: It implements specific validation rules for metadata fields, including regex-based name checks and character restrictions on descriptions to prevent basic injection attempts.
- Secure Path Handling: The code uses the pathlib library for path resolution and relative path calculations, which reduces the risk of directory traversal vulnerabilities during the creation of the skill archive.
- No Network or Privileged Operations: The scripts operate entirely on the local filesystem and do not perform network requests, credential access, or process execution requiring elevated privileges.
Audit Metadata