skill-creator

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Python's subprocess module to manage its development lifecycle. Scripts like run_eval.py, run_loop.py, and improve_description.py call the claude CLI binary to test skill triggering and generate improved metadata. Additionally, eval-viewer/generate_review.py executes lsof to manage network ports for the local evaluation viewer.
  • [EXTERNAL_DOWNLOADS]: The evaluation viewer component (viewer.html) loads the SheetJS (xlsx) library from cdn.sheetjs.com. This is a well-known technology service used here to render spreadsheet outputs within the local review interface.
  • [SAFE]: The skill incorporates security best practices by using html.escape in its reporting scripts (generate_report.py) when embedding data from test runs, mitigating potential injection risks from untrusted evaluation outputs.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 06:19 AM
Security Audit — agent-trust-hub — skill-creator