skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The Python scripts perform file system operations (directory traversal, file reading, and zip creation) strictly related to the packaging and validation process. No arbitrary command execution was found.
- [DATA_EXPOSURE] (SAFE): Scripts read skill-specific files like `SKILL.md` for validation but do not access sensitive system files or credentials.
- [REMOTE_CODE_EXECUTION] (SAFE): No network operations, external downloads, or execution of untrusted remote code were identified.
- [DYNAMIC_EXECUTION] (SAFE): The validation script uses `yaml.safe_load()` to parse frontmatter, which is the secure way to handle YAML data and prevents arbitrary object instantiation.
- [PROMPT_INJECTION] (SAFE): The markdown files contain instructional templates for LLMs, but they do not attempt to bypass safety filters or override system instructions.
Audit Metadata