skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Category 10: Dynamic Execution (SAFE): The quick_validate.py script uses yaml.safe_load() to parse the SKILL.md frontmatter. This is a secure implementation that prevents arbitrary code execution during the deserialization of YAML data.
- Category 2: Data Exposure & Exfiltration (SAFE): The packaging script (package_skill.py) performs local file system operations to bundle skill files into a ZIP archive. There are no network calls or attempts to access sensitive system files (e.g., .ssh or .aws folders).
- Category 4: Unverifiable Dependencies (SAFE): The scripts use standard Python libraries. While PyYAML is a dependency for quick_validate.py, there are no automated or hidden installation commands for untrusted third-party packages.
- Category 1: Prompt Injection (SAFE): The reference files contain documentation on how to structure outputs and workflows. These are benign educational examples and do not contain instructions to bypass agent safety filters or override system prompts.
Audit Metadata