skill-creator
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
subprocess.run()andsubprocess.Popen()ineval-viewer/generate_review.pyandscripts/run_eval.pyto facilitate its core functions, such as launching an HTTP server for results review and executingclaude -pcommands for skill testing. These are legitimate development tools for the intended workflow. - [EXTERNAL_DOWNLOADS]: The skill fetches the SheetJS library (
xlsx.full.min.js) via CDN ineval-viewer/viewer.htmlto enable spreadsheet rendering within the evaluation viewer. This is a well-known service used for its official purpose. - [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration were detected. The skill provides clear documentation on its operations and follows best practices for secret management by recommending
.envfiles.
Audit Metadata