skill-creator
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/init_skill.pyperforms directory creation and file writing to set up new skill templates based on user-provided names. - [COMMAND_EXECUTION]: The script
scripts/package_skill.pyreads local files and creates a ZIP archive (.skill file) using the standardzipfilemodule. - [SAFE]: The packaging logic in
scripts/package_skill.pyincludes proactive security checks, such as explicitly rejecting symlinks and verifying that all files reside within the skill's root directory, which prevents path traversal attacks during the packaging process. - [SAFE]: No network operations, external data exfiltration, or remote code execution patterns were detected. The skill's functionality is entirely focused on local file system management for development workflows.
Audit Metadata