creating-agent-skills
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands for managing the local skill development environment, including creating directories (
mkdir), listing files (ls), reading content (cat), and using version control (git). These operations are confined to the user's local skill directory (~/.claude/skills/). - [EXTERNAL_DOWNLOADS]: Instructions include guidance on installing necessary software dependencies via standard package managers like
pipandnpmas part of the skill development process. - [CREDENTIALS_SAFE]: The skill includes a dedicated reference (
references/api-security.md) that explicitly warns against exposing API keys in chat logs. It promotes the use of a secure wrapper script and a local environment file (~/.claude/.env) for managing secrets, which is a recommended security pattern for local agents. - [DYNAMIC_CONTEXT_AWARENESS]: The documentation includes explicit warnings about the risks of dynamic context injection (using the
!prefix) and provides techniques to prevent accidental command execution when displaying code examples in the skill body.
Audit Metadata