ito-skill
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script scripts/validate-metadata.py using arguments derived from user input or existing skill metadata (--name "[name]" --description "[description]"). This creates a potential command injection surface if the agent executes the instruction in a shell environment without proper argument escaping.
- [SAFE]: All operations, including file reads, writes, and script executions, are restricted to the local .claude/skills/ directory. No network activity or unauthorized access to sensitive system files (e.g., SSH keys, AWS credentials) was detected.
- [SAFE]: The bundled Python script scripts/validate-metadata.py was analyzed and found to contain only benign validation logic using standard Python libraries (re, sys, argparse).
- [SAFE]: The skill does not use any external dependencies or remote code downloads; it relies entirely on the local files provided in the skill folder.
Audit Metadata