skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Categories flagged: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill's bundled Python scripts utilize the `subprocess` module to programmatically call the `claude` CLI and various local utility scripts (`aggregate_benchmark`, `run_loop`, `package_skill`) to automate the skill-development lifecycle.
- [PROMPT_INJECTION]: The skill processes untrusted user data (test queries) which are passed to subagents for execution, creating an indirect prompt injection surface.
  - Ingestion points: Untrusted data enters the agent context through the `evals/evals.json` configuration file and user-provided conversation history.
  - Boundary markers: The `run_eval.py` script uses YAML block scalars to encapsulate skill descriptions in temporary command files but lacks explicit delimiters to prevent subagents from obeying instructions embedded within test queries.
  - Capability inventory: The skill possesses capabilities to execute shell commands, perform filesystem read/write operations (including within the sensitive `.claude/commands/` directory), and host a local HTTP server.
  - Sanitization: The skill performs minimal sanitization or escaping of external test queries before they are interpolated into prompts and passed to the `claude` CLI.
- [EXTERNAL_DOWNLOADS]: The HTML review viewer references the SheetJS library and Google Fonts via well-known Content Delivery Networks (CDNs) to support data visualization and typography. These resources are from established providers and are used for their intended functional purposes.
Audit Metadata