skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (SAFE): The scripts rely on standard libraries and the PyYAML package. No remote scripts are downloaded or executed.
- Dynamic Execution (SAFE): Code does not use eval(), exec(), or other dynamic execution functions. YAML is parsed using safe_load() to prevent arbitrary code execution during deserialization.
- Data Exposure & Exfiltration (SAFE): File access is restricted to the local filesystem for the purpose of packaging; no data is transmitted over the network or written to unauthorized locations.
- Metadata Poisoning (SAFE): The validation script actively sanitizes metadata fields for length and character content (e.g., prohibiting angle brackets), which prevents common injection vectors in skill definitions.
Audit Metadata