skill-creator

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the subprocess module across multiple utility scripts, including run_eval.py and run_loop.py, to execute the claude CLI and manage local Python processes for evaluation.
  • [COMMAND_EXECUTION]: The eval-viewer/generate_review.py script starts a local HTTP server using the standard http.server library to host a review interface for test results.
  • [EXTERNAL_DOWNLOADS]: The skill fetches data from api.anthropic.com via the anthropic Python client to optimize skill descriptions. The HTML viewer also references the SheetJS library from a public CDN.
  • [DATA_EXFILTRATION]: Skill metadata and content are transmitted to the trusted Anthropic API to facilitate the iterative improvement of skill instructions and descriptions.
  • [PROMPT_INJECTION]: The skill manages complex workflows involving user-provided test prompts and feedback, which creates a surface for indirect prompt injection. The skill instructions include safety guidelines and a 'Principle of Lack of Surprise' to discourage the creation of malicious skills.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 7, 2026, 05:42 AM