skill-creator

Fail

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: CRITICAL
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes Python scripts (init_skill.py and package_skill.py) that perform standard file system operations.
  • scripts/init_skill.py creates directory structures and boilerplate markdown/Python files using pathlib.
  • scripts/init_skill.py uses chmod(0o755) to set execution permissions on a newly created example script, which is a standard procedure for generating executable utilities.
  • scripts/package_skill.py uses the zipfile module to archive the skill directory into a .skill file.
  • [SAFE]: The validation logic in scripts/quick_validate.py utilizes yaml.safe_load() to parse YAML frontmatter from markdown files. This is a security best practice that prevents arbitrary code execution during the deserialization of untrusted metadata.
  • [SAFE]: Automated scan alerts mentioned a malicious URL in a file named product.md. However, product.md is not present in this skill; it is only referenced as a placeholder string in the documentation (SKILL.md) to illustrate recommended directory structures. No actual malicious URLs or network requests were found in the provided code.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 26, 2026, 07:52 AM