skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill orchestrates the development lifecycle by executing local Python utilities and the `claude` CLI via the `subprocess` module to perform evaluation runs, analyze transcripts, and package skills into distributable formats.
- [EXTERNAL_DOWNLOADS]: Retrieves required client-side assets for the evaluation viewer from well-known technology services, including the SheetJS library (`cdn.sheetjs.com`) and Google Fonts.
- [PROMPT_INJECTION]: As a potential surface for indirect prompt injection, the skill processes untrusted test prompts and feedback data which are used to influence the iteration and grading loop.
  - Ingestion points: Reads task prompts from `evals/evals.json` and human feedback from `feedback.json` during the evaluation and improvement cycles.
  - Boundary markers: Employs YAML frontmatter delimiters and block scalar formatting in temporary command files to isolate instructions from data.
  - Capability inventory: Possesses the ability to execute shell commands via the `claude` CLI and performs extensive local filesystem operations.
  - Sanitization: Implements YAML validation for metadata and uses standard HTML escaping for data rendered in the review interface.
- [DATA_EXFILTRATION]: Reads and displays workspace file content within a local environment. The evaluation viewer initiates a local server on `127.0.0.1` for human inspection of outputs and does not exhibit patterns of unauthorized remote data transmission.
Audit Metadata