skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns such as remote code execution, unauthorized network access, or data exfiltration were detected. The skill's components are designed for local development workflows and do not exhibit suspicious behavior.\n- [COMMAND_EXECUTION]: The skill includes Python scripts (
init_skill.py,package_skill.py) that perform local file system operations including directory creation, file writing, and zipping. These actions are restricted to the local environment and are necessary for the skill's primary functionality.\n- [PROMPT_INJECTION]: The skill includes a surface for indirect prompt injection as it processes user-provided metadata and directory contents.\n - Ingestion points: Reads skill names and file paths from CLI arguments and reads
SKILL.mdcontent for validation inquick_validate.py.\n - Boundary markers: The
SKILL.mdtemplate provided byinit_skill.pyuses clear[TODO: ...]placeholders to guide user input.\n - Capability inventory: The skill has capabilities to read and write files locally and create zip archives.\n
- Sanitization: The skill implements best practices for processing untrusted data, specifically using
yaml.safe_load()for frontmatter parsing and regex validation for skill identifiers inquick_validate.py.
Audit Metadata