skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The `viewer.html` file fetches the SheetJS library from `cdn.sheetjs.com` to enable spreadsheet rendering within the evaluation viewer. This is a well-known technology service used for document processing.
- [COMMAND_EXECUTION]: Several scripts, including `run_eval.py` and `improve_description.py`, utilize the Python `subprocess` module to invoke the platform's `pi` CLI for running evaluations and generating descriptions. The `generate_review.py` script also uses system commands like `lsof` and `kill` to manage local network ports for its HTTP server.
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes user-provided test cases and feedback to refine instructions.
  - Ingestion points: Untrusted data enters the context via `evals.json` and `feedback.json`, which are read during the improvement cycle.
  - Boundary markers: The skill uses XML-style delimiters (e.g., `<current_description>`, `<skill_content>`) to separate instructions from processed data.
  - Capability inventory: Subprocess execution capabilities are present in `run_eval.py` and `improve_description.py` to facilitate testing.
  - Sanitization: The scripts use regular expressions to strictly extract content within expected tags, reducing the risk of the model following instructions embedded within the data.
- [DATA_EXPOSURE]: The skill manages data within a local workspace directory, reading transcripts and saving feedback. This data handling is confined to the local filesystem and the local web server provided for the user.
Audit Metadata