skill-creator
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
subprocessmodule to interact with the system environment and the platform's command-line interface. scripts/improve_description.pyandscripts/run_eval.pyexecute theclaudeCLI to perform sub-agent evaluations and test skill triggering. This is a documented interaction pattern for this platform.eval-viewer/generate_review.pyuses thelsofutility to detect and manage conflicts on local network ports.- [EXTERNAL_DOWNLOADS]: The evaluation viewer UI references an external JavaScript library for data processing.
eval-viewer/viewer.htmlloads thexlsxlibrary fromcdn.sheetjs.com. This is a well-known service providing common utility libraries.- [DATA_EXFILTRATION]: The skill starts a local HTTP server to provide a user interface for reviewing test results.
eval-viewer/generate_review.pyruns an HTTP server on127.0.0.1(default port 3117). This activity is confined to the local loopback interface and is intended for user interaction with the benchmark data.- [PROMPT_INJECTION]: The skill ingests user-provided prompts and feedback to refine agent instructions.
- While files like
evals.jsonandfeedback.jsoncreate a surface for indirect prompt injection in the evaluation loop, this is a necessary part of the skill's primary function as a developer tool. The risk is mitigated by the iterative, human-in-the-loop design of the workflow.
Audit Metadata