skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The
scripts/init_skill.pyutility useschmod(0o755)to make newly created example scripts executable. This is standard behavior for a project scaffolding tool and does not constitute a privilege escalation risk. - [EXTERNAL_DOWNLOADS]: The
scripts/quick_validate.pyscript imports thePyYAMLlibrary for parsing skill metadata. This is a well-known and legitimate dependency for handling YAML content. - [SAFE]: The skill uses
yaml.safe_load()in its validation script, following security best practices for Python to prevent unsafe deserialization while processing skill metadata files.
Audit Metadata