skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- Prompt Injection (SAFE): The documentation files provide templates for structured outputs and workflows. No instructions designed to override agent safety or system prompts were found.
- Data Exposure & Exfiltration (SAFE): The utility scripts operate on local file paths provided by the user. They perform no network operations and do not access sensitive locations such as SSH keys or environment secrets.
- Unverifiable Dependencies (SAFE): The skill depends on PyYAML and uses it safely, calling yaml.safe_load for metadata validation. No remote scripts are downloaded or executed.
- Command Execution (SAFE): The scripts perform local file system operations (read, write, zip) and do not execute arbitrary shell commands or process untrusted inputs in a dangerous manner.
- Indirect Prompt Injection (SAFE): The skill is a set of static documentation and tools; it does not have a runtime ingestion surface for untrusted external data that would lead to injection vulnerabilities.