skill-creator

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides developer-focused utility scripts (init_skill.py, package_skill.py, quick_validate.py) for managing the lifecycle of AI agent skills. These scripts perform standard file operations such as directory creation, file writing, and archiving in a transparent and documented manner.
  • [SAFE]: All external documentation references target official platform domains (docs.claude.com, code.claude.com), which are recognized and trusted sources.
  • [SAFE]: The skill includes a robust security framework within its documentation, teaching developers how to implement refusal logic and boundary enforcement to protect against prompt injection and data leakage in the skills they create.
  • [COMMAND_EXECUTION]: The toolkit includes scripts that write and modify local files (e.g., init_skill.py creating SKILL.md). These operations are the primary intended function of the developer tool and are not used for malicious purposes.
  • [DATA_EXFILTRATION]: No patterns of unauthorized data transfer or exfiltration were found. The documentation mentions standard practices for managing environment variables (e.g., GITHUB_TOKEN) required for legitimate Git-based plugin distribution.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 04:10 PM
Security Audit — agent-trust-hub — skill-creator