The Agent Skills Directory

[COMMAND_EXECUTION]: The skill includes several Python scripts that leverage the subprocess module for legitimate development tasks. Specifically, scripts/run_eval.py uses subprocess.Popen to execute the claude CLI for testing skill triggers, and eval-viewer/generate_review.py uses subprocess.run to call lsof for managing local network ports. These calls are handled using argument lists rather than shell strings, mitigating command injection risks.
[EXTERNAL_DOWNLOADS]: The skill relies on the anthropic Python library to interact with LLMs for description optimization. Documentation within the skill also guides users on how to manage dependencies using standard package managers like pip and npm. These interactions are typical for development tools and target well-known, trusted registries.
[DATA_EXFILTRATION]: While the eval-viewer utility reads local evaluation data and transcripts to generate reports, it serves this content via a local-only loopback interface (127.0.0.1). Analysis of the source code confirms no sensitive data is transmitted to unauthorized external domains.

skill-creator