skill-creator
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill's packaging utility implements security safeguards by explicitly skipping symbolic links and ensuring all files are contained within the skill's root directory, which prevents potential path traversal or sensitive file disclosure during the archiving process.
- [SAFE]: Metadata validation logic employs safe YAML loading and restricted property checks, ensuring that the processing of skill configuration files does not lead to arbitrary code execution or unexpected behavior.
- [COMMAND_EXECUTION]: The skill utilizes local Python scripts to manage the creation and packaging of development assets. These scripts perform routine file system operations such as directory management and setting script permissions within the local workspace, which is consistent with its stated purpose as a developer tool.
Audit Metadata