skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The script 'package_skill.py' uses the standard 'zipfile' library to compress folders into '.skill' files. It does not execute arbitrary shell commands or external processes.
- [REMOTE_CODE_EXECUTION] (SAFE): The 'quick_validate.py' script uses 'yaml.safe_load()' to parse frontmatter, which is a secure practice that prevents arbitrary code execution during parsing.
- [DATA_EXFILTRATION] (SAFE): No network calls or functions capable of transmitting data externally (such as 'requests' or 'socket') are present in the provided files.
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded secrets or attempts to access sensitive system directories (like ~/.ssh or ~/.aws) were detected.
Audit Metadata