skill-extract
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a restricted shell pattern `Bash(uv run python*)` to execute its internal validation script, `scripts/validate_skill.py`. This script performs static analysis on new skill definitions to ensure they meet directory, naming, and content standards.
- [EXTERNAL_DOWNLOADS]: The validation script references `pyyaml` for parsing skill frontmatter. Installation via standard package managers (uv/pip) for well-known libraries is considered safe practice for development-oriented skills.
- [SAFE]: The skill demonstrates a high security posture by incorporating mandatory self-assessment questions and user approval checkpoints. Its scripts use safe practices, such as `yaml.safe_load()`, to prevent deserialization vulnerabilities.
Audit Metadata