skill-author
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides structural templates and automation for developers. The primary operations are local file creation and text analysis within the user's own repository.
- [COMMAND_EXECUTION]: The skill includes two Bash scripts, new-skill.sh and lint-skill.sh. new-skill.sh handles skill name input with strict sanitization ([a-zA-Z0-9_-]), effectively preventing command injection or path traversal when creating directories or copying templates. lint-skill.sh performs static analysis of Markdown and script files using standard tools like awk, sed, and grep without executing the files being analyzed.
- [REMOTE_CODE_EXECUTION]: The documentation references external tools like uvx and npx and provides templates for PEP 723 Python scripts. These are presented as best-practice examples for the user to implement in their own skills rather than being executed by the skill-author skill itself. No automatic remote code execution was detected.
- [DATA_EXFILTRATION]: There are no network operations, credential accesses, or sensitive data reads performed by the skill's scripts or instructions.
- [PROMPT_INJECTION]: The skill instructions are purely instructional and educational, with no attempts to override system prompts or bypass safety filters.
Audit Metadata