skills/dfinity/icskills/skill-creator/Gen Agent Trust Hub

skill-creator

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts run_eval.py, improve_description.py, and generate_review.py utilize the Python subprocess module to interact with the local environment. These calls are used to invoke the claude CLI for automated testing and the lsof utility for managing the local evaluation viewer's network port. These operations are required for the skill's primary function of benchmarking and managing local development workflows.
  • [EXTERNAL_DOWNLOADS]: The evaluation viewer (viewer.html) references the SheetJS library from the cdn.sheetjs.com content delivery network. This is a well-known service used to facilitate the rendering of spreadsheet data within the user's browser. This download is documented neutrally as it targets a well-known technology service.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes user-defined prompts for evaluation.
  • Ingestion points: Untrusted data enters the context via evals/evals.json and the evaluation review interface in eval_review.html.
  • Boundary markers: The skill does not explicitly define character-based delimiters for user-provided prompts within its internal subagent orchestration prompts.
  • Capability inventory: The skill has access to the local filesystem for workspace management and the ability to execute CLI commands through subprocess.
  • Sanitization: Input validation is focused on YAML configuration structure in quick_validate.py rather than content-level sanitization of evaluation prompt strings.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 07:18 AM
Security Audit — agent-trust-hub — skill-creator