skill-creator

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.Popen in scripts/run_eval.py to execute the claude CLI tool for testing skill triggering. This is a core functional requirement of the skill's evaluation loop.
  • [EXTERNAL_DOWNLOADS]: The skill references resources from trusted and well-known providers, including Google Fonts and the SheetJS library for rendering Excel files in the evaluation viewer. These are standard frontend dependencies.
  • [DATA_EXFILTRATION]: In scripts/improve_description.py, the skill uses the official anthropic Python client to send skill descriptions to the Anthropic API for optimization. This aligns with the skill's primary purpose of using LLMs to improve developer-provided content.
  • [INDIRECT_PROMPT_INJECTION]: The skill exposes an attack surface in agents/grader.md and agents/analyzer.md, because these agents ingest execution transcripts and outputs produced by potentially untrusted skills. However, the skill explicitly includes security instructions (the Principle of Lack of Surprise) warning against creating malicious or misleading content, and the workflow is centered on human-in-the-loop review of all outputs.
  • [DYNAMIC_EXECUTION]: The eval-viewer/generate_review.py script starts a local HTTP server on 127.0.0.1 to serve an evaluation report. This server exists only for local visualization of test results and is bound to the loopback interface, so it is not reachable from other hosts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 07:18 AM