skill-creator-cc

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/run_eval.py uses subprocess.Popen to execute the claude CLI tool for testing skill triggering and task completion. This behavior is documented and necessary for the skill's evaluation functions.
  • [EXTERNAL_DOWNLOADS]: The skill integrates with the anthropic Python library to access description optimization models and mentions the openskills Node.js package in the README. These dependencies are standard for the skill's optimization and installation workflows.
  • [PROMPT_INJECTION]: The evaluation framework processes test queries provided by the user.
      • Ingestion points: Queries are loaded from JSON files in scripts/run_eval.py.
      • Boundary markers: Queries are passed as command-line arguments to the claude CLI.
      • Capability inventory: The skill uses subprocess.Popen to run local tools.
      • Sanitization: No specific sanitization is performed as the queries are intended for diagnostic testing of other skills.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 05:55 PM