Skills
skills/coinbase/cds/skill-creator/Gen Agent Trust Hub

skill-creator

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run and subprocess.Popen in several scripts (eval-viewer/generate_review.py, scripts/run_eval.py, scripts/improve_description.py) to manage local development tasks.
  • Evidence: subprocess.Popen is used in run_eval.py to launch claude -p for testing skill triggering.
  • Evidence: subprocess.run is used in improve_description.py to call the local claude CLI for description optimization.
  • Evidence: generate_review.py uses lsof and kill via subprocess to manage its internal web server ports.
  • [EXTERNAL_DOWNLOADS]: The eval-viewer component loads the SheetJS library from a well-known content delivery network (cdn.sheetjs.com).
  • Evidence: eval-viewer/viewer.html includes a script tag for xlsx.full.min.js from cdn.sheetjs.com to render spreadsheets during eval review.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 11:56 PM
Security Audit — agent-trust-hub — skill-creator