skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes several utility scripts (e.g.,
init_skill.py,export_skill.sh) that perform legitimate file system operations, such as creating directories, copying templates, and compressing files into ZIP archives using standard system utilities likezipandmkdir. - [EXTERNAL_DOWNLOADS]: The distribution scripts (
publish_skill.shandexport_skill.sh) perform network operations to upload packaged skills to the system's backend API (TASK_API_DOMAIN). These operations are authenticated and directed toward the vendor's own infrastructure as part of the intended workflow. - [CREDENTIALS_UNSAFE]: Authentication is handled via an environment-provided
auth_tokenfrom theTASK_INFOvariable. This token is used dynamically for API requests and is not hardcoded within the source code. - [PROMPT_INJECTION]: The skill provides instructions and examples for creating well-structured prompts but does not contain any patterns attempting to bypass safety filters or override system instructions.
Audit Metadata