skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill contains Python scripts (package_skill.py, quick_validate.py) designed to be executed via command line. These scripts perform routine file operations: reading directories, validating YAML frontmatter, and creating ZIP archives. All operations are local and triggered by the user.
- [DATA_EXFILTRATION] (SAFE): No network operations or calls to external domains were found. The skill does not access sensitive system paths (e.g., ~/.ssh, ~/.aws).
- [REMOTE_CODE_EXECUTION] (SAFE): There are no patterns for downloading or executing remote code. All logic is contained within the local Python files.
- [PROMPT_INJECTION] (SAFE): The documentation files (output-patterns.md, workflows.md) contain instructional templates for AI agents. These templates follow standard patterns and do not contain attempts to bypass safety filters or override system constraints.
- [DYNAMIC_EXECUTION] (SAFE): The scripts use yaml.safe_load() for parsing metadata, which is the recommended secure practice to prevent arbitrary code execution during deserialization.
Audit Metadata