skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Python 'subprocess' module across several utility scripts to execute external CLI tools. Specifically, 'scripts/run_eval.py' invokes the 'claude' CLI to test skill triggering, and 'eval-viewer/generate_review.py' uses 'lsof' to manage local network ports.
- [EXTERNAL_DOWNLOADS]: The evaluation viewer generated by the skill references assets from well-known external services. It loads the 'SheetJS' library from 'cdn.sheetjs.com' for spreadsheet rendering and typography from 'fonts.googleapis.com' and 'fonts.gstatic.com'.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests user-defined test prompts from 'evals/evals.json' and executes them through subagents, which presents a surface for potential indirect prompt injection.
  - Ingestion points: Test prompts enter the system via the 'evals/evals.json' file.
  - Boundary markers: The instructions for the subagent task do not utilize specific delimiters to isolate the untrusted test prompt.
  - Capability inventory: The skill has the capability to write local files, execute shell commands via 'claude -p', and start a local HTTP server.
  - Sanitization: Test prompts are interpolated directly into the task description for the subagents without additional escaping.
- [DYNAMIC_EXECUTION]: The skill performs dynamic operations at runtime, such as generating temporary Markdown configuration files in '.claude/commands/' and launching a local HTTP server on the loopback address (127.0.0.1) to host the benchmark results.