skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW
Full Analysis
- [SAFE] (SAFE): No malicious patterns or security risks were identified in the provided documentation or scripts.
- [INDIRECT_PROMPT_INJECTION] (LOW): The
quick_validate.pyscript parses user-providedSKILL.mdfiles. It demonstrates good security posture by usingyaml.safe_load()to prevent arbitrary object instantiation and applying strict validation (regex, length limits) to all extracted fields. - [COMMAND_EXECUTION] (INFO): The
package_skill.pyscript uses the standardzipfilelibrary to archive files within a specified directory. The file system operations are localized and do not involve shell execution or subprocess calls.
Audit Metadata