creating-skills
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes several TypeScript utility scripts (
init-skill.ts,package-skill.ts,validate-skill.ts) designed to be executed vianpx(usingts-nodeortsx). These scripts perform necessary file system operations such as directory creation, file reading/writing, and file permission adjustments (chmod 755) to facilitate the skill development lifecycle. - [EXTERNAL_DOWNLOADS]: The documentation references
agentskills.ioas an external resource for the official specification. This is a legitimate documentation link and does not involve automated downloads or remote code execution. - [DATA_EXFILTRATION]: The packaging script (
package-skill.ts) reads files within the local skill directory to create a compressed.skill(ZIP) archive for distribution. This behavior is consistent with the skill's stated purpose of managing and packaging development assets. - [SAFE]: All identified behaviors, including the use of local utility scripts and references to external documentation, are aligned with the intended purpose of a developer tool for creating AI agent extensions.
Audit Metadata