skill-creator-openai
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes Python scripts that perform local file system operations to facilitate skill development.
  - `scripts/init_skill.py`: Creates new directories and writes template markdown and Python files based on user input.
  - `scripts/package_skill.py`: Reads directory contents and uses the `zipfile` module to create a compressed `.skill` file.
  - `scripts/quick_validate.py`: Reads and parses YAML metadata from local files for structural validation.
- [SAFE]: The skill implements robust input sanitization to prevent path traversal and other injection attacks.
  - The `normalize_skill_name` function in `init_skill.py` uses regular expressions to restrict skill names to lowercase alphanumeric characters and hyphens only.
  - This prevents an attacker from supplying malicious paths (e.g., `../../etc/`) as a skill name.
- [SAFE]: The validation logic uses `yaml.safe_load` to process skill metadata, protecting against YAML-based unsafe deserialization attacks.
Audit Metadata