skill-creator

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/run_eval.py executes the claude command-line interface via subprocess.Popen to perform skill evaluations.
  • [EXTERNAL_DOWNLOADS]: The scripts/improve_description.py script uses the Anthropic Python SDK to communicate with the Anthropic API for generating and optimizing skill descriptions.
  • [EXTERNAL_DOWNLOADS]: The eval-viewer/viewer.html file loads the SheetJS library from cdn.sheetjs.com to provide spreadsheet rendering capabilities within the evaluation viewer.
  • [COMMAND_EXECUTION]: The eval-viewer/generate_review.py script uses os.kill and the lsof command to manage local processes and ensure the viewer's HTTP server can bind to its designated port.
  • [PROMPT_INJECTION]: The skill processes untrusted input in the form of user-provided skill drafts and evaluation prompts. Ingestion points include SKILL.md (via utils.py) and evals/evals.json. Capabilities include command execution through the claude CLI. Sanitization is performed via scripts/quick_validate.py, and the skill utilizes specialized sub-agents (agents/grader.md, etc.) with structured markdown headers as boundary markers to evaluate results.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 11, 2026, 02:51 PM