meta-skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust framework for managing other skills, incorporating security checks within its core scripts. The 'references/security-guidelines.md' file explicitly prohibits hardcoded credentials and mandates the use of environment variables for API keys.\n- [EXTERNAL_DOWNLOADS]: The skill defines 'pyyaml' as a Python dependency in its 'SKILL.md' configuration. This is a standard and well-known library used for parsing YAML data, and its inclusion follows documented standards without introducing risk.\n- [PROMPT_INJECTION]: The skill has an inherent surface for indirect prompt injection as it processes and introspects user-provided skill definitions. This risk is effectively mitigated by the skill's design; the included Python scripts are limited to safe data processing tasks (YAML validation, version comparison, and string templating) and lack dangerous capabilities such as arbitrary command execution, network exfiltration, or privileged file access.
Audit Metadata