skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The script
scripts/package_skill.pyperforms standard file system operations (reading files and creating zip archives) essential for its packaging functionality. It does not spawn shells or execute arbitrary user-provided commands. - [REMOTE_CODE_EXECUTION] (SAFE): Script
scripts/quick_validate.pyusesyaml.safe_load()to parse frontmatter, which is a secure practice that prevents arbitrary code execution during YAML deserialization. - [DATA_EXFILTRATION] (SAFE): No network operations or unauthorized file access patterns were detected. The script only accesses files within the designated skill folder.
- [PROMPT_INJECTION] (SAFE): The markdown files in the
references/directory contain formatting templates and instructional examples. These are standard documentation patterns and do not attempt to override the agent's system instructions or safety filters.
Audit Metadata