skill-expert
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a development tool designed to assist in the creation and validation of other agent skills. It contains no hidden instructions or malicious payloads.
- [COMMAND_EXECUTION]: The skill uses local validation scripts (e.g.,
scripts/validate_skill_md.py) executed via theuvtoolchain. These scripts perform static analysis on file content and do not initiate network connections or execute arbitrary commands. - [PROMPT_INJECTION]: The skill processes third-party skill files, which is a potential surface for indirect prompt injection. However, the risk is minimized by the skill's focus on structural validation and the use of safe parsing libraries. Ingestion points: Files within the user-specified directory processed by the validation scripts. Boundary markers: None identified for the target skill's natural language body. Capability inventory: Capability to create/edit files and execute local Python validation scripts. Sanitization: The skill employs
yaml.safe_load()for frontmatter and uses regex for validating metadata constraints.
Audit Metadata