generate-agent-skills

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill orchestrates the execution of local automation scripts (scripts/scaffold_skill.py and scripts/validate_skill.py) to manage the lifecycle of agent skill development.
  • [COMMAND_EXECUTION]: The scaffold_skill.py script invokes the git binary via a subprocess call to resolve the repository's root directory for automated file placement.
  • [COMMAND_EXECUTION]: The scaffolding automation applies executable permissions (chmod 0o755) to generated script templates within the new skill's directory.
  • [SAFE]: Input validation is performed on user-provided skill names using a restrictive regex to ensure filenames conform to platform standards and prevent path manipulation.
  • [SAFE]: Metadata validation in scripts/validate_skill.py utilizes yaml.safe_load() to securely parse configuration files without risk of arbitrary code execution through YAML tags.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 02:36 AM