skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides automated tools for skill development that follow security best practices. Specifically, the validation script
scripts/quick_validate.pyusesyaml.safe_load()to prevent unsafe deserialization of YAML data. - [COMMAND_EXECUTION]: The skill includes Python scripts (
init_skill.py,package_skill.py) that perform local file system operations, such as creating directories, writing template files, and zipping content. These operations are restricted to the local environment and are essential for the skill's functionality as a project generator. - [PROMPT_INJECTION]: The
SKILL.mdfile contains meta-instructions for creating other skills. It does not contain any instructions that attempt to bypass the AI agent's safety filters or override system-level behavior. - [SAFE]: Input for skill names in the initialization script is sanitized using a regular expression (
^[a-z0-9-]+$) which prevents directory traversal and shell injection through the naming convention.
Audit Metadata