skill-creator
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands for legitimate administrative and development tasks. For example, it executes
lsofto manage network ports for its local visualization server and runs scripts to aggregate performance data. - [EXTERNAL_DOWNLOADS]: The skill's documentation and reference files describe the use of search and download tools, such as
web_searchanddownload_from_url, which are intended for researching documentation and fetching assets during the skill creation process. - [DATA_EXFILTRATION]: The skill implements a feature to upload completed skill packages to a library using a platform-specific SDK. This functionality is explicitly documented as a core feature for sharing and persisting created skills and is performed through an authenticated process.
Audit Metadata