skill-creator
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local Python scripts to orchestrate the development process. It executes the claude CLI through subprocesses to perform evaluations of skills against test prompts. This is the primary function of the skill and is handled using local tools.
- [PROMPT_INJECTION]: The skill processes user-provided test cases and skill descriptions, creating a surface for indirect prompt injection. A malicious description or test query could attempt to manipulate the behavior of subagents during the testing phase.
- Ingestion points: Queries are loaded from evals/evals.json or generated during trigger optimization. Skill descriptions are read from SKILL.md.
- Boundary markers: The skill uses YAML block scalars and specific file templates to structurally isolate descriptions in temporary command files.
- Capability inventory: The skill can execute subprocesses, spawn subagents, and communicate with the Anthropic API.
- Sanitization: The skill performs structural formatting but does not semantically sanitize the content of test queries.
- [EXTERNAL_DOWNLOADS]: The eval-viewer component references the SheetJS library from a well-known CDN (cdn.sheetjs.com) to enable spreadsheet rendering in the browser. This download is for a legitimate UI feature and targets a reputable service.
Audit Metadata