skill-creator
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- Script Template Generation: The `scripts/init_skill.py` script dynamically generates a new Python script (`example.py`) from an embedded template. While used for project initialization, the creation of executable content at runtime is a pattern that requires oversight to prevent unintended code injection.
- File Permission Modification: The `scripts/init_skill.py` utility applies executable permissions (`chmod 0o755`) to the newly created script files. Modifying file permissions is a security consideration typically associated with privilege management.
- Input Data Handling Surface: Several included scripts, such as `init_skill.py` and `package_skill.py`, ingest data through command-line arguments to define file paths and skill names. These inputs are used for directory creation and file writing operations.
  - Ingestion points: Command-line arguments (`sys.argv`) in `scripts/init_skill.py` and `scripts/package_skill.py`.
  - Boundary markers: Not explicitly defined for command-line inputs.
  - Capability inventory: File system write operations (`Path.write_text`), directory creation (`mkdir`), and permission changes (`chmod`) in `scripts/init_skill.py`.
  - Sanitization: The scripts perform basic formatting but lack strict path validation or traversal prevention for user-supplied arguments.
- Package Installation Instructions: The documentation includes instructions for installing official Azure SDK packages using standard package managers. These references target well-known services and are provided to set up the necessary environment for the skill.
Audit Metadata