skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The scripts/package_skill.py and scripts/quick_validate.py are standard CLI utilities. They perform file reading and ZIP creation but do not execute arbitrary shell commands or user-provided strings.
- REMOTE_CODE_EXECUTION (SAFE): The scripts/quick_validate.py script uses yaml.safe_load() to parse frontmatter. This is a secure practice that prevents the execution of arbitrary Python objects during YAML parsing.
- DATA_EXFILTRATION (SAFE): No network operations (e.g., requests, curl, urllib) were detected in the scripts. The scripts only interact with the local filesystem for the purpose of packaging and validation.
- PROMPT_INJECTION (SAFE): The documentation files (references/output-patterns.md and references/workflows.md) contain instructional templates for the agent. These are standard behavioral guidelines and do not contain instructions to bypass safety filters or ignore previous rules.
Audit Metadata