skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious patterns detected across all 10 threat categories.
- [DATA_EXPOSURE] (SAFE): The scripts interact only with the provided skill directory and the user-specified output directory. Path resolution is handled via
pathlib.Path.resolve(), and no sensitive system paths or credentials are accessed. - [COMMAND_EXECUTION] (SAFE): There are no instances of
os.system,subprocess,eval, orexec. The code performs purely logic-based validation and standard file compression. - [EXTERNAL_DOWNLOADS] (SAFE): No network operations or external dependency installations are performed. The scripts rely entirely on Python's standard library (
sys,zipfile,pathlib,re,os). - [METADATA_POISONING] (SAFE): The
quick_validate.pyscript includes active sanitization for metadata, enforcing hyphen-case naming conventions and explicitly forbidding angle brackets in descriptions to prevent basic injection or formatting bypasses.
Audit Metadata