skill-creator

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands to support its development and testing workflow.
      ◦ Evidence in scripts/run_eval.py: Uses subprocess.Popen to call the claude CLI with user-provided queries to test skill triggering thresholds.
      ◦ Evidence in eval-viewer/generate_review.py: Uses subprocess.run to execute the lsof utility for port management when starting the local feedback server.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface due to the ingestion of external data during the optimization loop.
      ◦ Ingestion points: Processes test cases from eval_set.json (ingested in scripts/run_loop.py) and qualitative feedback from feedback.json (as described in the SKILL.md workflow).
      ◦ Boundary markers: The skill does not implement explicit delimiters or instructional guarding when interpolating these external strings into agent prompts.
      ◦ Capability inventory: The skill has the ability to execute shell commands via the CLI, write files to the local directory (to update SKILL.md), and spawn subagents for autonomous evaluation.
      ◦ Sanitization: Input data from the evaluation and feedback files is used directly without sanitization or structural validation against injection patterns.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 16, 2026, 05:56 AM
Security Audit — agent-trust-hub — skill-creator