skill-eval
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Node.js commands (
node packages/skill-tools/dist/index.mjs) to perform grading and benchmarking. These operations target scripts within the local project structure and are part of the intended workflow for a testing utility. - [EXTERNAL_DOWNLOADS]: Contains a documentation reference to a GitHub repository (
github.com/zwbao/skill-creator-pro). This is used for attribution and technical reference, posing no security risk. - [PROMPT_INJECTION]: The skill implements an evaluation loop that interpolates external data (
evals.json) into prompts for a subagent. While this represents an indirect injection surface, it is the primary purpose of the skill (testing and evaluation) and is contained within the development workspace environment. - [DATA_EXFILTRATION]: The workflow involves reading skill configurations and writing execution transcripts to a
.workspace/directory. All file operations are local to the repository, and no network exfiltration patterns were detected.
Audit Metadata