skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The
scripts/init_skill.pyutility creates local directories and template files using thepathliblibrary. It also applies executable permissions to generated scripts usingchmod. - [COMMAND_EXECUTION]: The
scripts/package_skill.pyscript reads the contents of the skill directory and archives them into a ZIP file using thezipfilemodule. - [PROMPT_INJECTION]: As a tool for generating agent instructions, the skill includes
scripts/quick_validate.pywhich implements basic sanitization by checking for angle brackets in descriptions and enforcing strict kebab-case naming conventions for skill identifiers. - [SAFE]: The Python implementation uses
yaml.safe_load()to prevent unsafe deserialization during metadata validation and does not perform any network operations or external downloads.
Audit Metadata