skill-creator-openai
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a meta-tool for skill development. Its core functionality involves providing templates and local automation scripts that do not exhibit malicious patterns.
- [COMMAND_EXECUTION]: The skill includes three Python scripts (
init_skill.py,package_skill.py,quick_validate.py) intended to be run locally by the agent. These scripts use standard Python libraries to manage file system operations, create zip archives, and parse YAML content. No suspicious shell execution or dynamic code evaluation (eval/exec) was detected. - [SAFE]: The
init_skill.pyscript implements robust input normalization for skill names using regular expressions (r'[^a-z0-9]+'), which effectively prevents directory traversal attacks or the creation of malformed file paths. - [SAFE]: The
quick_validate.pyscript correctly usesyaml.safe_load()for processing skill metadata, which is the recommended practice for preventing unsafe object instantiation during YAML deserialization. - [SAFE]: No network operations, remote code downloads, or attempts to access sensitive system files (e.g., credentials, SSH keys) were found in any of the provided files.
Audit Metadata