skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses several Python scripts and CLI tools to manage the development lifecycle of other skills.
  - Runs background optimization loops using scripts/run_loop.py.
  - Executes scripts/aggregate_benchmark.py to process performance data.
  - Uses claude -p via subprocess in scripts/run_eval.py to simulate agent triggering based on descriptions.
  - Provides a packaging utility scripts/package_skill.py that creates .skill zip files.
- [EXTERNAL_DOWNLOADS]: The skill references and fetches standard web assets and libraries for its evaluation viewer.
  - Loads SheetJS from a CDN (cdn.sheetjs.com) in the HTML viewer to render Excel files.
  - Uses Google Fonts (fonts.googleapis.com) for the review interface.
  - These are well-known, trusted sources for frontend assets.
- [SAFE]: The skill implements security best practices by separating logic into specialized scripts and using a local-only HTTP server for the evaluation viewer. It explicitly includes safety guidelines in its instructions (SKILL.md) warning against the creation of malicious skills.
Audit Metadata