Skills
skills/rockcookies/skills/skill-creator/Gen Agent Trust Hub

skill-creator

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/run_eval.py invokes the claude CLI tool to evaluate skill triggering accuracy. Additionally, eval-viewer/generate_review.py utilizes the lsof command and os.kill function to manage process ports for the local visualization server.
  • [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of user-defined tasks and prompts by spawning subagents. This behavior is central to its intended purpose of validating skill performance and providing iterative improvements based on execution transcripts.
  • [SAFE]: The evaluation viewer script (eval-viewer/generate_review.py) initializes a Python HTTPServer bound strictly to the 127.0.0.1 loopback interface, ensuring that the visual results and feedback mechanism are not exposed to external networks.
  • [SAFE]: The viewer.html asset references the SheetJS library from a well-known CDN for the purpose of rendering spreadsheet data within the local evaluation interface.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 02:21 PM