skill-architect

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a validation tool (scripts/validate_skill.py) that the agent is instructed to run. This script performs standard local file system operations, such as checking for the existence of SKILL.md and reading its content to validate frontmatter. It does not execute external shell commands, spawn dangerous subprocesses, or require elevated privileges.
  • [DATA_EXFILTRATION]: Analysis of the Python validation script and the core instructions confirms the absence of network-related code or exfiltration patterns. The tool's scope is restricted to the local directory provided by the user during the skill creation process.
  • [PROMPT_INJECTION]: The instructions in SKILL.md and the reference documentation are focused on methodology, progressive disclosure, and quality benchmarks. No attempts to bypass safety filters, override system instructions, or extract sensitive model information were found.
  • [SAFE]: All components of the skill, including the scripts and reference documentation, align with the stated purpose of assisting in skill architecture. The use of local scripts for linting and validation is a standard best practice in this context and poses no security risk.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 07:12 AM