skill-creator
Fail
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: CRITICAL
Full Analysis
- SAFE (SAFE): No security issues were detected in the provided files. Analysis of the scripts and documentation confirms they are intended for development support.\n- Safe Coding Practices: The script
quick_validate.pycorrectly utilizesyaml.safe_load()for parsing frontmatter, which prevents unsafe deserialization of arbitrary Python objects. Bothpackage_skill.pyandquick_validate.pyuse thepathlibmodule for secure and cross-platform path manipulation.\n- Input Validation: The validation logic specifically checks for naming conventions, length limits, and prevents the use of angle brackets in descriptions, which serves as a safeguard against metadata poisoning or injection in downstream UIs.\n- Automated Scan Discrepancy: The scanner alert concerning a blacklisted URL inproduct.mdrefers to a file that was not included in the provided 4-file package. The provided content contains no external URLs or data exfiltration logic.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata