capability-architect
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The script 'scripts/package_skill.py' performs local file packaging using the standard zipfile library with relative paths, preventing directory traversal vulnerabilities.\n- [SAFE] (SAFE): The script 'scripts/quick_validate.py' uses 'yaml.safe_load()' to process user-provided skill metadata, which is the recommended method to prevent arbitrary code execution during deserialization.\n- [SAFE] (SAFE): Reference documentation in 'references/' provides standard instructional templates and workflow examples for LLMs that do not contain prompt injection or malicious patterns.
Audit Metadata