skill-creator-lean

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Several Python scripts (run_eval.py, improve_description.py, run_loop.py) use the subprocess module to interact with the system and the claude CLI. These calls are used to simulate user queries, trigger skills for testing, and perform AI-driven description optimization.
  • [COMMAND_EXECUTION]: The eval-viewer/generate_review.py script executes lsof and os.kill to manage the local HTTP server used for displaying evaluation results, ensuring the allocated port is available.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from user-provided evaluation sets (queries and prompts). These inputs are interpolated into prompts sent to the LLM during the description optimization process in scripts/improve_description.py. The script uses XML-style tags as boundary markers to mitigate this risk.
  • [SAFE]: The eval-viewer/viewer.html file references the SheetJS library via a well-known CDN (cdn.sheetjs.com) for rendering spreadsheet files in the browser. This is a standard practice for web-based reports and uses a reputable source.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 04:05 AM