skill-builder
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a development tool that functions transparently by creating local files based on templates and best practices. No hidden behaviors, hardcoded credentials, or unauthorized network communications were detected. External documentation links point to official and reputable sources.
- [PROMPT_INJECTION]: The skill ingests user descriptions to generate code, which is an inherent indirect prompt injection surface. This risk is effectively mitigated by the skill's structured multi-step workflow.
  - Ingestion points: User requests defining the purpose and functionality of a new skill as seen in the 'When I Activate' section of SKILL.md.
  - Boundary markers: The architecture separates the process into distinct agents (prompt-writer, architect, builder, reviewer, tester), creating logical boundaries during the generation process.
  - Capability inventory: The skill manages and writes files to ~/.claude/ directories for skills, agents, commands, and scenarios.
  - Sanitization: The skill includes an automated 'Validation' step and a 'Reviewer' agent to enforce YAML compliance, token budgets, and architectural standards for all generated content.
Audit Metadata