skill-creator
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/run_eval.pyexecutes theclaudeCLI viasubprocess.Popento perform triggering tests. This is a functional requirement for evaluating how skills are activated by the agent. - [COMMAND_EXECUTION]: In
eval-viewer/generate_review.py, the skill usessubprocess.runto calllsoffor port management, which is a standard administrative task for local development servers. - [INDIRECT_PROMPT_INJECTION]: The skill processes user-defined evaluation prompts and their outputs through subagents (grader and analyzer), which constitutes a potential indirect prompt injection surface.
- Ingestion points: User-provided prompts in
evals/evals.jsonand execution outputs from subagents. - Boundary markers: Content is wrapped in XML-style tags (e.g.,
<current_description>) to help the agent distinguish instructions from data. - Capability inventory: The skill can execute shell commands and modify local files within the evaluation workspace.
- Sanitization: The skill relies on model-level instructions for processing content rather than strict programmatic filtering.
- [SAFE]: The packaging utility
scripts/package_skill.pyuses a dedicatedscripts/path_safety.pymodule to prevent path traversal attacks by validating all filenames and paths before processing them. - [SAFE]: The review server started by
eval-viewer/generate_review.pyis hardcoded to listen on127.0.0.1, ensuring that review data and feedback mechanisms are not exposed to the network.
Audit Metadata