Gen Agent Trust Hub audit: skill-creator (skills/j5ik2o/ai-tools/skill-creator)

skill-creator

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The tool frequently utilizes the subprocess module across multiple scripts (run_eval.py, run_loop.py, package_skill.py, generate_review.py) to execute the claude CLI, manage local server processes with lsof and kill, and package files with zip. This is necessary for the skill's primary purpose of orchestrating skill lifecycles.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it is designed to ingest and process untrusted user-provided test queries and render external agent outputs.
  • Ingestion points: User-defined test prompts are read from evals.json in scripts/run_eval.py. Resulting output files (text, images, spreadsheets) are ingested and displayed by the eval-viewer component.
  • Boundary markers: While the tool uses structured JSON for metadata, the scripts/run_eval.py script generates temporary markdown command files for testing without explicit delimiters to separate the skill description from the queries being tested.
  • Capability inventory: The tool has the ability to execute shell commands, read/write local files, and initiate a local web server on the loopback interface (127.0.0.1).
  • Sanitization: The evaluation viewer correctly utilizes HTML entity escaping for text rendering and standard libraries for processing image and spreadsheet data, reducing the risk of XSS during result review.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 04:41 PM