personal-tool-builder

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE

Full Analysis
  • [SAFE] (SAFE): The skill provides structured guidance for building personal tools and contains no malicious instructions, obfuscation, or data exfiltration logic.
  • [Indirect Prompt Injection] (SAFE): Ingestion points include user-provided tool requirements in the tool building process. While explicit boundary markers are absent, the skill provides a dedicated validation reference (validations.md) that serves as a sanitization layer, requiring the agent to audit generated code for credentials and insecure bindings.
  • [Command Execution] (SAFE): The skill provides code templates for CLI tools that use system commands (e.g., child_process.execSync) to verify local environment dependencies like ffmpeg. This functionality is essential to the skill's primary purpose and is used responsibly within the provided patterns.
  • [Credentials Unsafe] (SAFE): The skill includes high-severity warnings and regex-based validation rules specifically designed to prevent the use of hardcoded API keys or secrets in generated scripts.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:13 PM