skill-creator
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements robust security practices throughout its logic and instructions.
- [COMMAND_EXECUTION]: The skill executes commands via Bash and Node.js spawnSync. It includes an isPathSafe utility that sanitizes file paths and command arguments against dangerous characters to mitigate command injection risks.
- [EXTERNAL_DOWNLOADS]: The skill facilitates research and installation from external sources like GitHub and arXiv. These are well-known or trusted services. The instructions include a mandatory multi-point security scan for any external content before incorporation.
- [DATA_EXFILTRATION]: No patterns of sensitive data exfiltration were detected. The skill interacts with the local environment and whitelisted external domains for research purposes.
- [CREDENTIALS_UNSAFE]: Metadata placeholders for environment variables like GITHUB_TOKEN are used appropriately to indicate requirements for MCP servers without hardcoding actual secrets.