Skills
skills/alirezarezvani/claude-skills/write-a-skill/Gen Agent Trust Hub

write-a-skill

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues were detected. The skill is purely instructional and provides local utility scripts for validation.
  • [COMMAND_EXECUTION]: The skill includes Python scripts (scripts/skill_description_validator.py, scripts/skill_review_checklist_runner.py, scripts/skill_structure_validator.py) meant for local validation of skill files. Analysis of these scripts confirms they only use Python standard library modules (os, re, sys, argparse, json) and perform read-only operations on the provided file paths. No subprocess calls, network operations, or arbitrary code execution patterns were found.
  • [EXTERNAL_DOWNLOADS]: The skill references several external URLs for documentation and attribution (e.g., Matt Pocock's GitHub, Anthropic documentation). All referenced domains are well-known, reputable sources. No automated downloads or remote script execution (curl|bash) are present in the skill instructions or scripts.
  • [PROMPT_INJECTION]: The instructions in SKILL.md guide the agent through a specific workflow for helping users create new skills. These instructions are benign and do not attempt to override system prompts or bypass safety guidelines.
  • [DATA_EXFILTRATION]: No sensitive file paths, hardcoded credentials, or network transmission patterns were detected in the skill content or scripts.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 01:00 AM
Security Audit — agent-trust-hub — write-a-skill