The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes the subprocess module to invoke the claude CLI tool and manage local system utilities like lsof and kill. These actions are necessary to execute skill evaluations and manage the lifecycle of the local evaluation viewer server.
[EXTERNAL_DOWNLOADS]: The evaluation viewer incorporates the SheetJS library from a public CDN (cdn.sheetjs.com) and assets from Google Fonts. These are well-known technology services used to provide standard spreadsheet rendering and typography within the result viewer.
[PROMPT_INJECTION]: The skill's primary workflow involves an indirect prompt injection surface where untrusted data enters the agent context.
Ingestion points: Untrusted data enters the context via evals/evals.json (test prompts) and feedback.json (user feedback).
Boundary markers: Explicit delimiters or warnings to ignore embedded instructions are not consistently implemented in the orchestration scripts.
Capability inventory: The skill can execute shell commands via the claude -p interface (scripts/run_eval.py), write files to the local system (scripts/package_skill.py), and spawn subagents to run evaluations.
Sanitization: External content from feedback and prompts is interpolated into improvement prompts without specific escaping, relying on the model's instruction-following capabilities.

skill-creator