skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The script
package_skill.pyautomates the creation of a ZIP archive from a local directory. It uses standard library functions and does not execute arbitrary shell commands or untrusted binaries. - [DATA_EXFILTRATION] (SAFE): There are no network calls or functions that would facilitate the transmission of data to external endpoints. The file operations are strictly local to the filesystem.
- [PROMPT_INJECTION] (SAFE): The documentation files (
output-patterns.mdandworkflows.md) provide structured templates for the agent. These examples do not contain instructions to override system prompts or bypass safety filters. - [DYNAMIC_EXECUTION] (SAFE): The validation logic in
quick_validate.pycorrectly usesyaml.safe_load()for parsing configuration files, which prevents the execution of arbitrary Python objects during the parsing process.
Audit Metadata