skill-creator
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The scripts
run_eval.py,improve_description.py, andgenerate_review.pyutilize the Pythonsubprocessmodule to interact with the local environment. These calls are used to invoke theclaudeCLI for automated testing and thelsofutility for managing the local evaluation viewer's network port. These operations are required for the skill's primary function of benchmarking and managing local development workflows. - [EXTERNAL_DOWNLOADS]: The evaluation viewer (
viewer.html) references the SheetJS library from thecdn.sheetjs.comcontent delivery network. This is a well-known service used to facilitate the rendering of spreadsheet data within the user's browser. This download is documented neutrally as it targets a well-known technology service. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes user-defined prompts for evaluation.
- Ingestion points: Untrusted data enters the context via
evals/evals.jsonand the evaluation review interface ineval_review.html. - Boundary markers: The skill does not explicitly define character-based delimiters for user-provided prompts within its internal subagent orchestration prompts.
- Capability inventory: The skill has access to the local filesystem for workspace management and the ability to execute CLI commands through
subprocess. - Sanitization: Input validation is focused on YAML configuration structure in
quick_validate.pyrather than content-level sanitization of evaluation prompt strings.
Audit Metadata