Skills
skills/zpqq132555/skills/skill-creator-cn/Gen Agent Trust Hub

skill-creator-cn

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/run_eval.py uses subprocess.Popen to programmatically invoke the claude CLI tool to verify skill trigger behavior across different test cases.
  • [COMMAND_EXECUTION]: The eval-viewer/generate_review.py script utilizes subprocess.run to call the lsof utility and uses os.kill to manage local server processes, ensuring the necessary network port is available for the review dashboard.
  • [PROMPT_INJECTION]: The skill provides a framework for indirect prompt injection via the processing of user-defined evaluation queries stored in evals/evals.json which are subsequently executed as CLI arguments. Ingestion points: user-provided strings in evals/evals.json. Boundary markers: none. Capability inventory: includes shell command execution and local file system access. Sanitization: no sanitization or escaping is performed on the evaluation queries before they are passed to the subprocess.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 13, 2026, 01:52 AM