skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a development workflow for building AI agent skills. The included scripts (package_skill.py, aggregate_benchmark.py, generate_report.py, etc.) perform local file operations for data processing and report generation.
- [EXTERNAL_DOWNLOADS]: The viewer.html file includes references to CDNs for Google Fonts and SheetJS (cdn.sheetjs.com). These are well-known technology services and are used for UI rendering, which is considered safe behavior.
- [COMMAND_EXECUTION]: Several scripts (run_eval.py, improve_description.py) execute the claude CLI tool via subprocess to run evaluations and generate improved descriptions. This is the intended core functionality of the skill for developers and does not exhibit malicious command injection or privilege escalation.
- [DATA_EXFILTRATION]: The skill manages local JSON files for evaluation results and feedback. There are no network operations observed that would send sensitive user data or credentials to untrusted external domains.
- [PROMPT_INJECTION]: The SKILL.md contains natural language instructions for the agent's behavior but does not include any bypass markers, role-play jailbreaks, or attempts to override system safety guidelines.
Audit Metadata