skill-creator
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides developer-focused utility scripts (
init_skill.py,package_skill.py,quick_validate.py) for managing the lifecycle of AI agent skills. These scripts perform standard file operations such as directory creation, file writing, and archiving in a transparent and documented manner. - [SAFE]: All external documentation references target official platform domains (
docs.claude.com,code.claude.com), which are recognized and trusted sources. - [SAFE]: The skill includes a robust security framework within its documentation, teaching developers how to implement refusal logic and boundary enforcement to protect against prompt injection and data leakage in the skills they create.
- [COMMAND_EXECUTION]: The toolkit includes scripts that write and modify local files (e.g.,
init_skill.pycreatingSKILL.md). These operations are the primary intended function of the developer tool and are not used for malicious purposes. - [DATA_EXFILTRATION]: No patterns of unauthorized data transfer or exfiltration were found. The documentation mentions standard practices for managing environment variables (e.g.,
GITHUB_TOKEN) required for legitimate Git-based plugin distribution.
Audit Metadata