skill-creator
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides utility scripts (
scripts/init_skill.pyandscripts/package_skill.py) that perform file system operations, directory creation, and file zipping. The initialization script sets executable permissions (chmod 0o755) on a generated example script. - [EXTERNAL_DOWNLOADS]: Refers to an external repository at
https://github.com/ComposioHQ/awesome-claude-skillsfor skill templates and source information. - [PROMPT_INJECTION]: Analyzed for Indirect Prompt Injection surfaces (Category 8).
- Ingestion points: User-supplied CLI arguments for skill names and paths are processed by
scripts/init_skill.pyandscripts/package_skill.py. - Boundary markers: None identified for isolating ingested data from instruction templates.
- Capability inventory: Includes file system write access, permission modification, and archive creation across
scripts/init_skill.pyandscripts/package_skill.py. - Sanitization: Basic regex-based validation for skill naming conventions is implemented in
scripts/quick_validate.py.
Audit Metadata