skill-creator
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill implements complex but legitimate functionality for skill development and testing.
- [COMMAND_EXECUTION]: The skill executes several bundled Python scripts and the
claudeCLI tool to perform its core functions, such as running evaluations and packaging skills. These operations are essential to the skill's purpose and are performed within the local project environment. - [EXTERNAL_DOWNLOADS]: The
eval-viewercomponent references the SheetJS library from a well-known content delivery network (cdn.sheetjs.com) to enable spreadsheet rendering in the browser. This is a standard practice for web-based data visualization tools. - [INDIRECT_PROMPT_INJECTION]: As a tool for iterative skill improvement, the system processes user-provided test prompts and feedback. While this creates a surface for indirect prompt injection, the risk is inherent to the development use case and the skill utilizes delimited prompt templates to manage inputs.
Audit Metadata