skill-creator

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a legitimate development utility with no detected malicious behaviors or intent. Its operations are properly scoped to the developer workflow.
  • [COMMAND_EXECUTION]: The skill utilizes the subprocess module to execute the claude CLI and various internal Python scripts. This is required for running evaluations and benchmarks. Command calls are constructed safely using list-based arguments, minimizing injection risks.
  • [EXTERNAL_DOWNLOADS]: The evaluation viewer (viewer.html) loads the SheetJS library from a well-known and trusted CDN (cdn.sheetjs.com) to enable local spreadsheet rendering. This is a standard visualization dependency.
  • [DATA_EXFILTRATION]: The skill launches a local HTTP server (127.0.0.1) to serve its evaluation viewer. This network binding is restricted to the local machine, preventing remote access to sensitive evaluation data.
  • [PROMPT_INJECTION]: The skill includes explicit defensive instructions to the agent (under the 'Principle of Lack of Surprise') to refuse the creation of malicious skills or instructions designed for unauthorized access.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 04:10 AM