skill-manifest-generator
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The code uses standard libraries for file operations and hashing.
- [EXTERNAL_DOWNLOADS]: The skill uses PyYAML as an optional dependency for parsing manifest frontmatter. PyYAML is a well-established and trusted library.
- [DATA_EXFILTRATION]: The manifest generator identifies external URLs for auditing purposes but does not perform any network operations itself. It includes a robust list of default exclusions (e.g., .env, .git, node_modules) to prevent the accidental exposure or processing of sensitive credentials and metadata.
- [SAFE]: The tool enforces strict limits on file sizes (10MB) and directory nesting levels (6) to prevent resource exhaustion during processing.