skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, prompt injections, or security vulnerabilities were identified. The skill's primary function is to serve as a meta-tool for skill creation.
- [COMMAND_EXECUTION]: The skill includes local Python utility scripts (
scripts/init_skill.py,scripts/package_skill.py,scripts/quick_validate.py) designed for developer use. These scripts perform standard filesystem tasks such as directory creation, writing template files from internal strings, and zipping directories for distribution. - [SAFE]: The
scripts/quick_validate.pyscript utilizesyaml.safe_load()to parse user-provided YAML frontmatter inSKILL.mdfiles. This is a secure implementation that prevents YAML deserialization attacks. - [SAFE]: While
scripts/init_skill.pymodifies file permissions (chmod 0o755) on generated template scripts, this behavior is restricted to the files it creates and is a standard requirement for generating executable CLI tools.
Audit Metadata