Skills
skills/panaversity/agentfactory-business-plugins/skill-creator/Gen Agent Trust Hub

skill-creator

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: Several scripts, including scripts/run_eval.py and scripts/improve_description.py, execute the claude CLI via subprocesses to test skill triggers and generate improvements. These calls are properly parameterized and do not use a shell, mitigating command injection risks.
  • [COMMAND_EXECUTION]: The eval-viewer/generate_review.py script uses system utilities like lsof and kill to manage the local server's port. These calls are restricted to specific, safe arguments.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it interpolates untrusted user data—such as test queries and evaluation feedback—directly into prompts for subagents. While this is a vulnerability surface, the risk is localized to the development cycle of new skills.
  • [DATA_EXFILTRATION]: The eval-viewer/generate_review.py script starts a local HTTP server binding to 127.0.0.1. This server reads and serves files (including base64-encoded PDF and XLSX files) from the evaluation workspace to the user's browser for review.
  • [SAFE]: The skill implements best practices for handling data, such as using yaml.safe_load in scripts/quick_validate.py to prevent unsafe deserialization of skill metadata.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 01:30 PM
Security Audit — agent-trust-hub — skill-creator