when-creating-skill-template-use-skill-builder

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands primarily for validation and testing of the generated templates. It uses npx js-yaml to verify YAML syntax in SKILL.md, the dot command (GraphViz) to validate the process diagram, and standard filesystem commands like test to ensure files were created correctly. These are routine development tasks.
  • [EXTERNAL_DOWNLOADS]: The skill references external tools claude-flow@alpha and js-yaml which are accessed via npx. These packages are used to run and validate the skill-building process and are standard within the intended developer workflow.
  • [REMOTE_CODE_EXECUTION]: Phase 4 of the skill includes an execution test where it runs the newly generated skill using npx claude-flow@alpha skill-run --dry-run. While this involves executing code generated at runtime, it is performed in a dry-run mode for the purpose of validating the template's structure and is an expected feature of a skill builder.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 04:29 AM
Security Audit — agent-trust-hub — when-creating-skill-template-use-skill-builder