skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes Python scripts (
init_skill.py,package_skill.py, andquick_validate.py) intended to be executed by the developer. These scripts automate local file system tasks such as directory creation, template generation, and zip packaging. They use standard libraries and do not involve shell injection or execution of unvalidated external code. - [SAFE]: The validation tool
quick_validate.pyutilizesyaml.safe_load()to parse skill metadata, which is a security best practice that prevents arbitrary code execution during the deserialization of YAML content. - [SAFE]: All file operations are performed using the
pathlibmodule, ensuring robust and safe path manipulation that is resistant to common directory traversal issues. - [SAFE]: No network operations, data exfiltration attempts, or prompt injection patterns were found in the instructions or the accompanying scripts.
Audit Metadata