skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to bypass safety filters or override agent behavior were found. Documentation files provide benign structural guidance for output and workflows.
- [Data Exposure & Exfiltration] (SAFE): The scripts perform local file operations for packaging purposes and do not access sensitive system paths (~/.ssh, ~/.aws) or perform network requests.
- [Unverifiable Dependencies] (LOW): The project depends on the PyYAML library for parsing skill metadata. While an external dependency, it is a standard library for this purpose.
- [Indirect Prompt Injection] (SAFE): quick_validate.py uses yaml.safe_load() to process skill frontmatter, which is the secure method for preventing code execution through malicious YAML payloads.
- [Dynamic Execution] (SAFE): No instances of eval(), exec(), or unsafe subprocess calls using untrusted input were detected. File zipping and validation logic are implemented using standard, safe Python APIs.