skills/dvduongth/skills/skill-creator/Gen Agent Trust Hub

skill-creator

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Python subprocess module to interact with the claude CLI and run internal scripts for task automation, benchmarking, and skill packaging.
  • [EXTERNAL_DOWNLOADS]: The evaluation viewer component (viewer.html) references the SheetJS library from a well-known CDN (cdn.sheetjs.com) to enable spreadsheet rendering in the browser during manual reviews.
  • [PROMPT_INJECTION]: The skill has an inherent indirect prompt injection surface because it processes untrusted data (user-generated test queries and subagent transcripts) through an automated evaluation loop.
    ◦ Ingestion points: Test queries from eval_set.json, user reviews from feedback.json, and execution transcripts from subagents.
    ◦ Boundary markers: Absent; queries are interpolated directly into command files and CLI arguments for testing without protective delimiters.
    ◦ Capability inventory: Extensive use of subprocess.run and subprocess.Popen to execute CLI tools and manage the local filesystem.
    ◦ Sanitization: No sanitization is performed on input queries before they are executed by the Claude CLI in the local environment.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 15, 2026, 09:59 PM