skill-creator-advanced
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The scripts scripts/run_eval.py and scripts/improve_description.py utilize Python's subprocess module to call the claude CLI. This is a core feature used to programmatically trigger evaluations and optimize skill descriptions based on LLM feedback. The scripts correctly handle process termination and output capture.
- [REMOTE_CODE_EXECUTION]: The scripts/run_eval.py script executes test queries loaded from an external JSON evaluation set by passing them to the subagent via the claude CLI. While this represents the execution of instructions from an external source, it is restricted to the local CLI environment and is the intended method for benchmarking triggering behavior.
- [PROMPT_INJECTION]: The skill implements iterative loops that ingest data from local project files and evaluation results into prompts for a subagent. This constitutes an indirect prompt injection surface.
  - Ingestion points: Evaluation queries from JSON files and instructions/resources from SKILL.md and related metadata.
  - Boundary markers: scripts/improve_description.py uses XML-like tags to delimit ingested content, though run_eval.py passes queries directly to the CLI command.
  - Capability inventory: Subprocess execution of the claude CLI for task performance and evaluation.
  - Sanitization: Candidate descriptions are normalized in scripts/improve_description.py to remove angle brackets, to prevent tag injection or malformed XML generation.
Audit Metadata