skill-creator
Fail
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: CRITICAL
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or safety bypass attempts were found in the instructions or scripts. The automated scanner alert for 'product.md' is identified as a false positive, as it flags a filename used in a text-based documentation example rather than an actual malicious URL.
- [COMMAND_EXECUTION]: The skill includes Python scripts
init_skill.pyandpackage_skill.pyfor automating directory creation and zipping. These utilities are standard for development workflows and operate within user-defined paths. - [PROMPT_INJECTION]: The skill processes user input to generate skill templates, presenting a surface for indirect injection. Ingestion points: CLI arguments in
init_skill.py. Boundary markers: None. Capability inventory: File system writes and zip creation. Sanitization: Use of Python'spathlibfor path handling. The risk is negligible as there is no unsafe dynamic execution of the generated content.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata