skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): No network operations or access to sensitive system paths (e.g., ~/.ssh, ~/.aws) were detected. The scripts only interact with the provided skill directory.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The scripts rely entirely on Python standard libraries (pathlib, zipfile, sys, os, re). No external packages or remote code downloads are present.
- [Dynamic Execution] (SAFE): No use of eval(), exec(), or subprocess calls that could lead to command injection or runtime code modification.
- [Metadata Poisoning] (SAFE): The validation script (quick_validate.py) implements proactive checks on metadata fields like 'name' and 'description' to enforce naming conventions and prevent the use of potentially problematic characters like angle brackets.
Audit Metadata