tgw-mcn-creator-profile

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script scripts/render_mcn_asset.py to create file skeletons. This is a controlled execution of the skill's own code.
  • [DATA_EXPOSURE]: The skill instructions and reference files (references/privacy-boundary.md, references/creator-fields.md) establish a strict 'Internal' vs 'Brand Safe' boundary. It explicitly instructs the agent to keep sensitive information like private contacts, bottom prices, and negative notes in internal-only fields to prevent accidental exposure.
  • [DYNAMIC_EXECUTION]: The render_mcn_asset.py script generates Markdown files from user input. It includes a yaml_scalar function that uses json.dumps to properly escape strings, effectively preventing YAML injection or formatting breakage when writing extracted data to file headers.
  • [SAFE]: The script implements security best practices, including checking that the output directory is not inside the skill's own package and using atomic file writes with temporary files to ensure data integrity.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:26 AM
Security Audit — agent-trust-hub — tgw-mcn-creator-profile