skills/eho/agent-skills/skill-creator/Gen Agent Trust Hub

skill-creator

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a significant surface for indirect prompt injection (Category 8) because its primary function is to ingest natural language descriptions from users to generate executable SKILL.md files and test prompts.
      • Ingestion points: User-provided intents and descriptions in SKILL.md and test case prompts in evals/evals.json.
      • Boundary markers: Absent; user input is interpolated into instructions for subagents without explicit delimiters to prevent the subagent from following instructions embedded within the data.
      • Capability inventory: The skill can spawn subagents (claude -p), execute shell commands (subprocess.Popen), and write arbitrary files to the local filesystem.
      • Sanitization: There is no evidence of sanitization or validation of user-provided content before it is used to generate instructions or test commands.
  • [EXTERNAL_DOWNLOADS]: The eval-viewer/viewer.html file references a script from cdn.sheetjs.com (SheetJS). As this is a well-known and trusted service for spreadsheet processing, this reference is documented neutrally as a functional dependency for the benchmark viewer.
  • [COMMAND_EXECUTION]: Several scripts (run_eval.py, generate_review.py) use the subprocess module to execute system commands such as claude, lsof, and kill. These operations are localized to the intended purpose of managing ports for the local viewer and running evaluation loops.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 03:29 AM