skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [REMOTE_CODE_EXECUTION] (SAFE): The
quick_validate.pyscript usesyaml.safe_load()to parse frontmatter, which correctly prevents the execution of arbitrary Python objects through YAML tags. - [COMMAND_EXECUTION] (SAFE): The
package_skill.pyandquick_validate.pyscripts perform local file operations using standard libraries (pathlib,zipfile,re). No subprocess execution, shell commands, or dynamic code evaluation (eval/exec) were found. - [DATA_EXFILTRATION] (SAFE): No network requests (curl, wget, requests) or patterns indicating data exfiltration were detected. The scripts operate exclusively on local files for the purpose of packaging.
- [PROMPT_INJECTION] (SAFE): The documentation files (
output-patterns.md,workflows.md) provide structural examples for output and logic flow. They do not contain instructions that attempt to override AI safety constraints or bypass system prompts. - [CREDENTIALS_UNSAFE] (SAFE): No hardcoded API keys, tokens, or sensitive credentials were found in the scripts or documentation.
Audit Metadata