skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The Python scripts perform standard file system operations (reading, writing, and zipping files) necessary for packaging. No arbitrary shell command execution or subprocess spawning with untrusted input was found.
- [DATA_EXFILTRATION] (SAFE): There are no network operations, curl/wget commands, or patterns indicating the unauthorized transmission of data to external sources.
- [PROMPT_INJECTION] (SAFE): The documentation files (references/) provide templates for high-quality outputs and workflows. These are instructional guides for the agent and do not contain bypass markers, override instructions, or jailbreak attempts.
- [EXTERNAL_DOWNLOADS] (SAFE): The scripts do not perform any remote downloads or runtime package installations.
- [REMOTE_CODE_EXECUTION] (SAFE): No patterns for dynamic code execution (e.g., eval, exec) or remote script execution were detected.
- [DYNAMIC_EXECUTION] (SAFE): The validation script correctly uses yaml.safe_load() to parse frontmatter, preventing unsafe deserialization vulnerabilities.
Audit Metadata