skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes Python scripts (init_skill.py and quick_validate.py) designed to manage the local file system. init_skill.py creates new directories and populates them with template files under /home/ubuntu/skills/. quick_validate.py reads and parses YAML frontmatter from SKILL.md files to ensure they meet the required schema. These scripts are part of the core functionality for bootstrapping and verifying new agent capabilities.
- [SAFE]: The skill follows security best practices. It uses yaml.safe_load() for parsing configuration files, preventing unsafe deserialization. File system permissions are set explicitly (0o755) only for the generated example scripts to allow execution. Input validation patterns (regex for hyphen-case names) are recommended in the documentation and implemented in the validation script.
Audit Metadata