skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of the
subprocessmodule to interact with developer CLI tools includingclaude,codex, andopenclaw. These commands are used to execute sub-agent tasks, run evaluation loops, and package skill bundles. - [EXTERNAL_DOWNLOADS]: The evaluation viewer UI (
viewer.html) fetches the SheetJS library from the well-known servicecdn.sheetjs.comto render spreadsheet files locally in the browser. - [PROMPT_INJECTION]: The skill acts as an optimization loop for AI prompts. It manages the risk of instruction leakage by using structured XML delimiters (e.g.,
<new_description>,<skill_content>) to separate system instructions from the data being optimized. - [DATA_EXFILTRATION]: The skill implements a local evaluation viewer by starting an
HTTPServeringenerate_review.py. This server is bound to the loopback interface (127.0.0.1) and is used solely to facilitate human review of test results. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes external data such as user-provided test sets and feedback files. It implements sanitization via
html.escapein its reporting scripts and uses clear boundary markers in its sub-agent transcripts to mitigate these risks.
Audit Metadata