skill-creator
Fail
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: CRITICALCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes Python utilities (init_skill.py, package_skill.py) that manage local file systems, including creating directories, writing template files, and zipping folders into .skill packages.
- [COMMAND_EXECUTION]: The scripts/init_skill.py script programmatically sets executable permissions on newly created template scripts using os.chmod, which is consistent with its stated purpose of skill initialization.
- [COMMAND_EXECUTION]: The validation logic in scripts/quick_validate.py utilizes the secure yaml.safe_load() method to parse skill metadata, effectively mitigating risks associated with unsafe YAML deserialization.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata