skills/beare/skills/skill-creator/Gen Agent Trust Hub

skill-creator

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: scripts/run_eval.py utilizes subprocess to execute the claude CLI. This is a core feature used to test whether skill descriptions correctly trigger the agent.
  • [COMMAND_EXECUTION]: eval-viewer/generate_review.py executes the lsof command to identify and manage the process listening on the local server port, ensuring the review interface can start correctly.
  • [EXTERNAL_DOWNLOADS]: The eval-viewer/viewer.html template downloads the SheetJS library from cdn.sheetjs.com. This is a well-known service used to render spreadsheet data within the browser-based review tool.
  • [PROMPT_INJECTION]: The skill processes untrusted data such as user-generated skill drafts, execution transcripts, and tool outputs, which represents an indirect prompt injection attack surface.
      • Ingestion points: agents/grader.md and agents/comparator.md ingest external outputs; scripts/run_eval.py processes user queries.
      • Boundary markers: scripts/improve_description.py uses XML-style tags to delimit untrusted content from the system instructions.
      • Capability inventory: The skill can execute local CLI commands and manage the filesystem through its bundled scripts and subagents.
      • Sanitization: HTML generation scripts use html.escape to prevent cross-site scripting when rendering untrusted content in reports.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 28, 2026, 03:31 AM