skill-writing
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a meta-utility for skill development, providing guidelines and automation scripts for repository maintenance.
- [COMMAND_EXECUTION]: The skill includes Python scripts (
quick_validate.py,init_skill.py,package_skill.py,fix_mojibake.py,split_oversized_skills.py, andupgrade_dual_compat.py) designed for repository management. These scripts perform standard operations such as file reading/writing, YAML parsing, and creating ZIP archives. They do not invoke sensitive shell commands or access unauthorized system resources. - [EXTERNAL_DOWNLOADS]: The skill does not perform any automated downloads. While the documentation in
references/skill-authoring-best-practices.mdprovides examples of package installation commands (e.g.,pip install pypdf), these are instructional guidelines for developers and are not executed by the skill itself. - [DATA_EXFILTRATION]: No network activity or exfiltration patterns were detected. All scripts operate exclusively on local files within the project directory.
- [PROMPT_INJECTION]: The skill instructions specifically promote safety and security, directing authors to create skills that are "Secure by default" and "Explicit about failure handling." No adversarial injection patterns were found.
Audit Metadata