skill-builder
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes several bash scripts (
analyze-requirements.sh,generate-template.sh,validate-skill.sh) that perform standard file system tasks such as directory creation, file writing, and string parsing. These operations are limited to the skill's local workspace and are appropriate for its functional purpose as a scaffolding tool. - [EXTERNAL_DOWNLOADS]: The documentation and skill instructions reference external resources for the Agent Skills specification, including official documentation at
agentskills.ioand public repositories undergithub.com/vercel-labs. These are well-known and trusted sources for agent development tools. - [DATA_EXFILTRATION]: No network operations or unauthorized data transmission patterns were found. The scripts operate exclusively on local input files or piped JSON data.
- [PROMPT_INJECTION]: The skill includes defensive instructions for the agent to follow a strict 'Prompt Injection Defense' policy, ensuring that instructions are prioritized and malicious embedded data is ignored during the skill generation process.
Audit Metadata