skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Python's `subprocess` module in several scripts (`scripts/run_eval.py`, `scripts/aggregate_benchmark.py`, `eval-viewer/generate_review.py`) to execute local CLI commands. These include running `claude -p` for trigger evaluation and `lsof` to manage ports for the local review server. This behavior is necessary for the skill's primary purpose as a development and testing tool.
- [EXTERNAL_DOWNLOADS]: The evaluation viewer (`eval-viewer/viewer.html`) loads external resources including the SheetJS library from `cdn.sheetjs.com` and fonts from Google Fonts. SheetJS is a well-known service used for rendering spreadsheets within the UI, and its usage here is transparent and functional.
- [DATA_EXFILTRATION]: The skill communicates with the Anthropic API via the `anthropic` Python SDK in `scripts/improve_description.py` and `scripts/run_loop.py`. This is the intended mechanism for the 'Description Optimization' feature, sending skill metadata and test results to the LLM to generate improved descriptions.
- [PROMPT_INJECTION]: The skill processes untrusted user input (skill content) and interpolates it into prompts for the description optimizer in `scripts/improve_description.py`. While this presents an indirect prompt injection surface, the skill employs boundary markers (XML-like tags) to delimit content, and the risk is contained within the local development context.
Audit Metadata