skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- SAFE (INFO): No security issues were identified across the provided files. The scripts use defensive programming techniques:
- Input Validation:
quick_validate.pyimplements strict schema and regex validation for skill metadata. - Safe Parsing:
quick_validate.pycorrectly utilizesyaml.safe_load()to prevent arbitrary code execution during YAML deserialization. - Path Handling:
package_skill.pyusespathlibfor secure path resolution and relative mapping when creating archives. - Category 8: Indirect Prompt Injection (LOW): The validation script processes external
SKILL.mdfiles (untrusted data). However, it only performs structural validation and safe parsing without executing the content or using it to drive high-privilege decisions, resulting in a negligible risk profile.
Audit Metadata