Skills
skills/kcchien/skills/skill-creator/Gen Agent Trust Hub

skill-creator

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run() and subprocess.Popen() in eval-viewer/generate_review.py, scripts/run_eval.py, and scripts/run_loop.py to manage background processes, kill specific ports, and invoke the claude CLI for automated skill testing. These are standard operations for a development and evaluation harness.
  • [EXTERNAL_DOWNLOADS]: The eval-viewer/viewer.html file includes a reference to cdn.sheetjs.com to load the SheetJS library for rendering Excel files in the evaluation results viewer. This is a well-known service used for the skill's primary functionality of viewing test outputs.
  • [SAFE]: The skill implements security best practices by recommending the use of .env files for secret management and including a section on the 'Principle of Lack of Surprise', explicitly instructing users not to create malicious skills.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 03:09 PM