skill-creator

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides procedural guidance and documentation for a developer workflow. It does not contain executable code itself, but rather references the structure of a skill ecosystem.
  • [COMMAND_EXECUTION]: The documentation mentions the use of local scripts such as scripts/init_skill.py and scripts/package_skill.py. These are presented as standard development tools for initialization and validation within the vendor's (plastic-labs) workflow.
  • [INDIRECT_PROMPT_INJECTION]: As a meta-skill designed to create other skills, it describes patterns for ingesting data into an agent's context (e.g., through references/ and assets/). While this represents a data ingestion surface, the skill provides architectural guidelines to manage this securely and efficiently.
  • [METADATA_POISONING]: The skill's metadata (name and description) accurately reflects its purpose as a development aid for skill creation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 03:25 PM
Security Audit — agent-trust-hub — skill-creator