skill-creator
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill includes several utility scripts (init_skill.py, package_skill.py, quick_validate.py) designed for local skill development. Analysis of these scripts confirms they use standard libraries and perform expected file-system operations without malicious intent.
- [SAFE]: Data processing in quick_validate.py uses yaml.safe_load() to parse skill metadata, effectively preventing unsafe deserialization attacks.
- [COMMAND_EXECUTION]: The init_skill.py script applies executable permissions (chmod 755) to generated example scripts. This is a standard and expected operation for creating functional automation tools within the agent ecosystem.
- [SAFE]: User-provided skill names are sanitized using regular expressions in init_skill.py (normalizing to hyphen-case), which prevents path traversal or shell injection through malformed filenames.
- [SAFE]: No network operations, credential access, or persistence mechanisms were detected across any of the skill's files or scripts.
Audit Metadata