skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes Python's `subprocess` and `os` modules to manage the development lifecycle, including executing the `claude` CLI for evaluations, controlling a local web server for the results viewer, and automating packaging and benchmarking tasks.
- [EXTERNAL_DOWNLOADS]: The `eval-viewer/viewer.html` component fetches the SheetJS library from `cdn.sheetjs.com`. This is a well-known service used to provide spreadsheet rendering capabilities within the review interface.
- [DYNAMIC_EXECUTION]: The grader subagent instructions (`agents/grader.md`) suggest that the agent can generate and execute scripts at runtime to programmatically verify test assertions. This is an intended feature of the testing harness.
- [INDIRECT_PROMPT_INJECTION]: The skill has an indirect injection surface as it processes external data from evaluation files and user feedback to inform skill improvements.
  - Ingestion points: Reads `evals/evals.json`, `feedback.json`, and execution transcripts (referenced in `SKILL.md` and `agents/grader.md`).
  - Boundary markers: Absent in the prompts generated for the skill optimizer.
  - Capability inventory: Includes subprocess execution, file writes, and network access via platform tools (documented in `scripts/run_eval.py` and `scripts/improve_description.py`).
  - Sanitization: Content from feedback and evaluation outputs is interpolated into optimizer prompts without specific escaping or structural validation.
Audit Metadata