schema-creator
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows established patterns for artifact creation within the framework. All file operations are restricted to the local project directory, specifically the
.claude/folder and skill-specific directories. - [SAFE]: State management hooks (
pre-execute.cjs,post-execute.cjs) properly track the lifecycle of the creator by writing to a local runtime state file (active-creators.json). This is a legitimate internal coordination mechanism. - [SAFE]: The primary script (
main.cjs) implements safe JSON parsing and type inference logic. It avoids dynamic execution functions such aseval()orexec()and relies solely on standard Node.jsfsandpathmodules for local file management. - [SAFE]: Research requirements mentioned in the documentation target well-known academic and technology services (e.g., arXiv), which are considered trusted sources according to security guidelines.
Audit Metadata