skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The provided scripts (
package-skill.ts,validate-skill.ts) are legitimate developer utilities. They perform standard file system operations using the Bun runtime to facilitate skill development workflows. No network activity or unauthorized data access patterns were found. - [Indirect Prompt Injection] (SAFE): The tool processes user-provided skill files but implements sanitization measures.
- Ingestion points:
scripts/package-skill.tsandscripts/validate-skill.tsread file contents from the local file system. - Boundary markers: Not applicable for a packaging utility.
- Capability inventory: File system read and write (Bun.file, Bun.write).
- Sanitization:
validate-skill.tsenforces length limits and explicitly disallows angle brackets (<,>) in descriptions to prevent potential injection when rendered in a UI.
Audit Metadata