skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Standard Library Usage (SAFE): The packaging and validation scripts rely on standard Python libraries like
zipfile,pathlib, andre. No suspicious external dependencies or obfuscated code were found. - Safe Deserialization (SAFE): In
scripts/quick_validate.py, the skill correctly usesyaml.safe_load()to parse frontmatter fromSKILL.mdfiles. This prevents arbitrary code execution vulnerabilities often associated with unsafe YAML loading. - No Network Activity (SAFE): None of the scripts perform network requests or attempt to exfiltrate data. File operations are restricted to the local filesystem for packaging purposes.
- Documentation Only (SAFE): The files in the
references/directory are purely informational and contain no executable instructions or prompt injection attempts.
Audit Metadata