skill-creator

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/run_eval.py executes the claude CLI via subprocess.Popen to perform triggering tests. This is a functional requirement for evaluating how skills are activated by the agent.
  • [COMMAND_EXECUTION]: In eval-viewer/generate_review.py, the skill uses subprocess.run to call lsof for port management, which is a standard administrative task for local development servers.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes user-defined evaluation prompts and their outputs through subagents (grader and analyzer), which constitutes a potential indirect prompt injection surface.
  • Ingestion points: User-provided prompts in evals/evals.json and execution outputs from subagents.
  • Boundary markers: Content is wrapped in XML-style tags (e.g., <current_description>) to help the agent distinguish instructions from data.
  • Capability inventory: The skill can execute shell commands and modify local files within the evaluation workspace.
  • Sanitization: The skill relies on model-level instructions for processing content rather than strict programmatic filtering.
  • [SAFE]: The packaging utility scripts/package_skill.py uses a dedicated scripts/path_safety.py module to prevent path traversal attacks by validating all filenames and paths before processing them.
  • [SAFE]: The review server started by eval-viewer/generate_review.py is hardcoded to listen on 127.0.0.1, ensuring that review data and feedback mechanisms are not exposed to the network.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 11:40 AM
Security Audit — agent-trust-hub — skill-creator