skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The scripts do not use subprocesses, os.system, or any other shell command execution patterns.\n- DATA_EXFILTRATION (SAFE): No network operations (requests, urllib, socket) were detected. File access is limited to the local skill directory provided by the user.\n- REMOTE_CODE_EXECUTION (SAFE): There are no patterns involving the download and execution of remote scripts or the use of eval() on untrusted input.\n- CREDENTIALS_UNSAFE (SAFE): No hardcoded API keys, tokens, or other sensitive credentials were found in the code or documentation.\n- EXTERNAL_DOWNLOADS (SAFE): The skill does not perform runtime installation of packages or remote file downloads.\n- DYNAMIC_EXECUTION (SAFE): The quick_validate.py script correctly uses yaml.safe_load() to parse YAML frontmatter, preventing unsafe deserialization vulnerabilities.
Audit Metadata