
skill-creator

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE

Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill frequently executes local shell commands and Python scripts using subprocesses to manage the lifecycle of skill development, including benchmarking and packaging. It specifically uses the claude CLI to evaluate skill triggering in a simulated environment.
  • [EXTERNAL_DOWNLOADS]: Communicates with the Anthropic API (api.anthropic.com) via the official Python client to perform iterative description optimization. Additionally, the evaluation viewer component loads the SheetJS library from cdn.sheetjs.com.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is present in the subagent workflows for grading, comparison, and analysis. These subagents ingest and process data generated by the skills being tested, which may contain adversarial instructions.
    • Ingestion points: The grader.md and comparator.md agents read transcripts and output files produced during skill execution.
    • Boundary markers: Subagent instructions do not define clear delimiters or data-isolation protocols to prevent the model from executing instructions embedded in the ingested content.
    • Capability inventory: The environment provides the skill and its subagents with significant local capabilities, such as bash access and file system operations.
    • Sanitization: The skill does not perform sanitization or rigorous validation on the output files before they are evaluated by the subagents.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 09:39 AM