skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill contains utility scripts for local file system management, including creating directory structures, writing template files, and bundling assets into zip archives.
init_skill.py: Creates a new skill directory using standard library calls (pathlib.Path). It writes placeholder files for scripts, references, and assets from hardcoded templates.package_skill.py: Uses thezipfilemodule to package skill folders into.skillfiles for distribution.quick_validate.py: Safely parses YAML metadata usingyaml.safe_load()to ensure compliance with the skill specification.- [COMMAND_EXECUTION]: The script
init_skill.pysets executable permissions on generated script templates. - Evidence: The script calls
example_script.chmod(0o755)on the newly createdexample.pyfile to allow direct execution. This is consistent with the intended purpose of the tool. - [SAFE]: No remote code execution, external network requests, or attempts to access sensitive system files were found. All file operations are restricted to the path provided by the user and validated against hyphen-case naming conventions, which prevents path traversal attacks.
Audit Metadata