skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of the subprocess module and os.kill to execute benchmarking scripts and manage the lifecycle of a local results viewer. These operations are targeted at managing its own server and running local evaluation tasks.
- [EXTERNAL_DOWNLOADS]: Interacts with the Anthropic API via the anthropic Python SDK to facilitate AI-assisted optimization of skill descriptions. This communication is restricted to official endpoints and is a necessary feature of the skill.
- [PROMPT_INJECTION]: As a tool designed to ingest user prompts and feedback to generate instructions for other AI agents, the skill naturally possesses an indirect prompt injection surface.
  - Ingestion points: User prompts in SKILL.md, iterative feedback stored in feedback.json, and test prompts in evals.json.
  - Boundary markers: The skill uses standard Markdown and YAML structure but does not include explicit delimiters or safety instructions within the data it processes to prevent adversarial overrides.
  - Capability inventory: The skill possesses the capability to write files, execute local commands via subprocess, and make network requests through the Anthropic API.
  - Sanitization: Implements structure and length validation in quick_validate.py and uses yaml.safe_load to mitigate common deserialization risks.
Audit Metadata