skill-creator

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the subprocess module to execute system commands including claude -p, python, lsof, kill, and open. These commands are used to automate the evaluation of skill triggering, manage background processes for the results viewer, and open local reports in the browser.
  • [EXTERNAL_DOWNLOADS]: The web-based evaluation viewer (viewer.html) references standard assets from well-known technology services, including the SheetJS library from cdn.sheetjs.com and typography from Google Fonts (fonts.googleapis.com). These are legitimate references for providing common web functionality.
  • [PROMPT_INJECTION]: The skill is designed to process untrusted data in the form of skill drafts and test prompts. This represents an indirect prompt injection surface as these inputs are interpolated into automated optimization queries. The skill employs boundary markers (XML-style tags) and structural instructions to manage this surface appropriately for its role as a development tool.
  • [DATA_EXPOSURE]: The skill performs local filesystem operations, such as creating temporary skill files in the project's .claude/commands/ directory to test triggering behavior and storing evaluation data in a workspace folder. These operations are transparent, documented, and required for the skill's core functionality.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 24, 2026, 05:43 AM