skill-creator

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the SheetJS library (xlsx.full.min.js) from a well-known CDN (cdn.sheetjs.com) and Google Fonts to render the evaluation viewer and process spreadsheet outputs. These are standard practices for web-based data visualization and are considered safe within the context of generating user reports.
  • [COMMAND_EXECUTION]: The skill uses subprocess.run and subprocess.Popen in several Python scripts (run_eval.py, improve_description.py, run_loop.py) to execute claude CLI commands. This is the core functionality of the skill, used to run parallel test cases and description optimization loops. All executed commands are internally generated based on the user's skill-creation task.
  • [REMOTE_CODE_EXECUTION]: While the skill executes code, it is limited to the skill's own bundled scripts and the system's claude CLI. It does not fetch and pipe arbitrary remote scripts into a shell (e.g., no curl | bash patterns).
  • [DATA_EXPOSURE]: The skill reads and writes files within a designated workspace (<skill-name>-workspace/) and standard temporary directories. It handles user-provided prompts and skill instructions but does not attempt to access sensitive system files like SSH keys or cloud credentials.
  • [PROMPT_INJECTION]: The SKILL.md instructions contain strict guidelines for the AI to follow a specific workflow. It does not contain any 'Ignore previous instructions' or bypass commands. In fact, it includes safety principles (Principle of Lack of Surprise) explicitly instructing the created skills not to contain malware or exploits.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 11:57 AM