skill-creator
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The SKILL.md file contains a validation instruction that uses a shell heredoc to execute Python code via stdin (python
- <<'PY'). This is a documented procedure for bulk validation of local files.
- [COMMAND_EXECUTION]: The scripts/init_skill.py script uses the chmod method to set execution permissions (0755) on newly generated example scripts. This facilitates immediate use of the templates created by the skill.
- [SAFE]: The packaging logic in scripts/package_skill.py implements proactive security measures, including explicitly skipping symbolic links and verifying that all files being archived are contained within the designated skill directory to prevent path traversal.
- [SAFE]: The YAML validation logic in scripts/quick_validate.py utilizes safe loading practices and implements strict schema checks, including length limits and character restrictions on metadata fields.
Audit Metadata