skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [REMOTE_CODE_EXECUTION] (SAFE): The YAML frontmatter parsing in
quick_validate.pyusesyaml.safe_load(), which is resistant to arbitrary code execution vulnerabilities common in unsafe YAML loaders. - [COMMAND_EXECUTION] (SAFE): The packaging script
package_skill.pyuses the standardzipfilelibrary for file operations and does not invoke external shell commands or subprocesses. - [DATA_EXFILTRATION] (SAFE): The scripts operate purely on the local filesystem within user-specified directories. No network requests, external data transmission, or hardcoded credentials were found.
- [PROMPT_INJECTION] (SAFE): The documentation files in
references/provide benign structural templates for output and workflows. They do not contain instructions that attempt to override system prompts or bypass safety filters.
Audit Metadata