skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No security issues detected. The code performs legitimate local file management tasks.
- File Operations: The `package_skill.py` script uses the `zipfile` module and `pathlib` for creating archives. It uses `relative_to` to ensure correct path mapping within the ZIP file without risk of directory traversal during creation.
- Validation Logic: The `quick_validate.py` script implements a check for naming conventions (hyphen-case) and content sanitization (disallowing `<` and `>` in descriptions), which serves as a basic preventative measure against XSS or schema confusion in interfaces that might display the skill metadata.
- Dependency Analysis: Both scripts rely exclusively on the Python standard library (`sys`, `zipfile`, `pathlib`, `os`, `re`). No external or untrusted packages are imported.
- Execution Context: The scripts do not perform network requests, access sensitive system paths (like `~/.ssh`), or execute arbitrary shell commands.
Audit Metadata