skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The Python scripts (
package_skill.pyandquick_validate.py) perform local file operations such as reading and zipping files. They do not usesubprocess,os.system, or any other functions to execute shell commands. - [DATA_EXFILTRATION] (SAFE): No network operations (e.g.,
requests,urllib,socket) or sensitive file path access (e.g.,.ssh,.aws) were found. The scripts interact only with the specified skill folder. - [DYNAMIC_EXECUTION] (SAFE): YAML parsing in
quick_validate.pyusesyaml.safe_load(), which is a secure practice to prevent arbitrary object instantiation and code execution during deserialization. - [PROMPT_INJECTION] (SAFE): The documentation files (
output-patterns.md,workflows.md) provide structural examples for LLM interaction but do not contain instructions to bypass safety filters or override system prompts. - [EXTERNAL_DOWNLOADS] (SAFE): No remote script downloads or package installations are performed at runtime.
Audit Metadata