Skills
skills/romejiang/moltbook-api/skill-creator/Gen Agent Trust Hub

skill-creator

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
Full Analysis
  • [SAFE] (INFO): No security issues were detected. The analyzed files are standard development utilities and documentation for skill creation.
  • [Indirect Prompt Injection] (LOW): The quick_validate.py script processes untrusted SKILL.md files but uses yaml.safe_load() to prevent unsafe deserialization and performs only read-only structural validation. There is no execution or side-effect associated with the data processed.
  • [Unsafe Deserialization] (LOW): The validation logic correctly uses yaml.safe_load() rather than the unsafe yaml.load(), mitigating potential RCE via YAML tags.
  • [Command Execution] (INFO): The package_skill.py script performs file system operations (zipping files) which are restricted to the provided directory paths and do not involve shell injection or arbitrary command execution.
Audit Metadata
Risk Level
LOW
Analyzed
Feb 16, 2026, 07:34 AM