Skills
skills/melvynx/aiblueprint/skill-creator/Gen Agent Trust Hub

skill-creator

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: LOW
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The script scripts/package-skill.ts executes the system zip command via Bun.spawnSync to bundle skill files.
  • Evidence: Bun.spawnSync(["zip", "-r", skillFilename, skillName]) in scripts/package-skill.ts.
  • Context: This is a standard functional requirement for a packaging utility and operates on local files provided by the developer.
  • [EXTERNAL_DOWNLOADS] (INFO): The package.json file specifies a dependency on the yaml package.
  • Evidence: "yaml": "^2.8.2" in package.json.
  • Context: The yaml package is a standard, widely-used library for parsing YAML frontmatter and does not pose a security risk in this context.
Audit Metadata
Risk Level
LOW
Analyzed
Feb 17, 2026, 05:48 AM