skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- File System Operations (SAFE): The scripts perform file reading and writing strictly for the purpose of creating a ZIP archive. It uses
pathlib.Path.resolve()to handle file paths and the standardzipfilemodule. - Validation Logic (SAFE):
scripts/quick_validate.pyimplements basic security checks on user-provided metadata, such as preventing angle brackets in descriptions to mitigate simple injection risks in downstream UI components and enforcing strict naming conventions using regular expressions. - No External Dependencies (SAFE): The scripts rely entirely on Python's standard library (sys, os, re, pathlib, zipfile), which minimizes the risk of supply chain attacks or unverifiable remote code execution.
- No Network Activity (SAFE): There are no calls to
curl,wget,requests, or any other networking functions. Data remains local to the system performing the packaging.
Audit Metadata