pex-lo-skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE] (SAFE): The file content is purely instructional markdown. It defines principles and best practices but does not include any scripts, commands, or executable logic.
- [DATA_EXPOSURE] (SAFE): While the file mentions API tokens, they are explicitly used in an 'Anti-Patterns' section as examples of what not to do (e.g., 'hardcoded-value-bad'). No actual credentials or sensitive paths are exposed.
- [PROMPT_INJECTION] (SAFE): There are no patterns suggesting attempts to bypass safety filters or override agent instructions. The language is purely pedagogical.
- [INDIRECT_PROMPT_INJECTION] (LOW): The description indicates the skill's intended purpose involves ingesting external data (textbooks, exam comments, and PDF searches). This is a theoretical attack surface for indirect prompt injection; however, as the skill provides no implementation code to perform these actions, the risk is negligible within this file.
Audit Metadata