skill-creator

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts scripts/run_eval.py and scripts/improve_description.py execute the claude CLI tool using Python's subprocess module to perform skill evaluations and description optimizations.
  • [COMMAND_EXECUTION]: The eval-viewer/generate_review.py script executes the lsof command via subprocess.run to manage local network ports for its review server.
  • [INDIRECT_PROMPT_INJECTION]:
      • Ingestion points: Untrusted user-provided test prompts are read from the evals/evals.json file.
      • Boundary markers: Prompts are passed as arguments to the claude CLI in scripts/run_eval.py without markers to distinguish them from system instructions.
      • Capability inventory: The skill possesses the ability to execute shell commands, write files to the local system, and host a local HTTP server.
      • Sanitization: The skill does not perform sanitization or validation of test prompts before they are executed by the agent session.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 09:50 AM