skill-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill's primary purpose is to help the user create directory structures and write files for new skills. It uses standard shell commands like 'mkdir' and 'cat' to perform these tasks, which is expected behavior for a 'Skill Builder' utility.
- [EXTERNAL_DOWNLOADS] (LOW): The documentation mentions installing the 'pyyaml' library and cloning a repository from GitHub. These are standard dependencies for the validation script and repository management.
- [DATA_EXPOSURE] (SAFE): The provided 'validate-skill.py' script reads the content of local 'SKILL.md' files to verify their structure. It utilizes 'yaml.safe_load()' to parse frontmatter, which is a secure practice that prevents the execution of arbitrary code during the parsing process.
- [PROMPT_INJECTION] (SAFE): No malicious override patterns, 'ignore previous instructions' triggers, or attempts to extract system prompts were detected. The use of 'IMPORTANT' in the instructions refers to formatting and keyword requirements for skill discovery.
Audit Metadata