skill-creator

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill provides a structured framework for developers to iterate on agent skills safely within their local environment.
  • [COMMAND_EXECUTION]: The skill uses subprocess to interact with the platform's official claude CLI for testing triggering accuracy and to manage local ports via lsof. These are legitimate operations for a developer tool.
  • [EXTERNAL_DOWNLOADS]: The HTML-based evaluation viewer loads the SheetJS library from a well-known and reputable CDN (cdn.sheetjs.com) to enable local rendering of spreadsheet data. This is standard functionality for visualization tools.
  • [DATA_EXFILTRATION]: All data handled by the skill, including test prompts, workspace results, and user feedback, is stored and processed on the local file system. No evidence of unauthorized network transmission was found.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 05:39 PM
Security Audit — agent-trust-hub — skill-creator