skill-forge
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or data exfiltration vectors were identified. The skill is a meta-utility for AI agent development.
- [COMMAND_EXECUTION]: The script
scripts/render_graphs.pyexecutes the systemdotcommand to generate SVG/PNG diagrams from markdown DOT blocks. The scriptscripts/scan.pyexecutesgitcommands to audit commit history for accidentally committed secrets. These are standard subprocess operations for developer tools and are implemented using argument lists to prevent shell injection. - [EXTERNAL_DOWNLOADS]: The Python scripts utilize the
uvscript runner and declare a dependency onpyyaml. This is a well-known, trusted library required for processing skill metadata. No downloads from untrusted or unknown external sources are present.
Audit Metadata