skill-creator

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes subprocess calls to manage local resources, such as using lsof for port management of the review server and invoking the platform CLI to execute skill evaluations. These commands are restricted to the local workspace and are necessary for the skill's primary functions.
  • [EXTERNAL_DOWNLOADS]: The review interface fetches the SheetJS library from its official CDN (cdn.sheetjs.com). This is used for rendering spreadsheet files within the evaluation viewer and is a well-known, safe resource.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its grading agent evaluates transcripts and outputs from external skills.
    * Ingestion points: The grader agent in agents/grader.md processes transcript.md and various output files.
    * Boundary markers: Optimization logic in scripts/improve_description.py uses tags to delineate skill content.
    * Capability inventory: The skill can perform file system operations and execute commands via the platform's CLI.
    * Sanitization: Reports are sanitized with html.escape to ensure the safety of the evaluation viewer.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 12:16 PM