skill-creator

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill automates development tasks by executing local commands. scripts/run_eval.py and scripts/improve_description.py use subprocess to invoke the claude CLI for testing skill triggers and optimizing descriptions. Additionally, eval-viewer/generate_review.py uses lsof and kill to manage its local HTTP server's port. These executions are legitimate and necessary for the skill's purpose as a developer productivity tool.
  • [PROMPT_INJECTION]: The skill ingests data from evals/evals.json and feedback.json provided by the user. This data is used to test skill triggering and guide improvements. While this represents a data ingestion surface, the queries are passed to the platform's standard CLI, which maintains existing safety guardrails. Evidence chain:
      • Ingestion points: eval_set.json is read in scripts/run_eval.py; feedback.json is read in eval-viewer/generate_review.py.
      • Boundary markers: Absent; queries are passed directly as arguments to the claude CLI.
      • Capability inventory: The skill executes subprocesses, writes to the local filesystem, and starts a local web server for result visualization.
      • Sanitization: Absent; the skill relies on the underlying platform's safety filters when executing test queries.
  • [EXTERNAL_DOWNLOADS]: The eval-viewer component starts a local HTTP server on 127.0.0.1 to visualize results. It references the well-known SheetJS library from a public CDN to process spreadsheet data. This is a standard practice for visualization tools and does not involve unauthorized network connections or data exfiltration.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 30, 2026, 11:47 AM