skill-creator
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Python's
subprocessmodule to interact with the platform's CLI (claude) and to manage local server processes. This is the primary mechanism for testing skill performance and optimization. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8) as it is designed to ingest and execute untrusted user-provided prompts and skill drafts for evaluation purposes.
- [EXTERNAL_DOWNLOADS]: The web-based evaluation viewer downloads resources from well-known services, specifically the SheetJS library for spreadsheet rendering and Google Fonts for the user interface.
Audit Metadata