skill-creator-cn

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the subprocess module to run bundled Python scripts for data aggregation (aggregate_benchmark.py), evaluation (run_eval.py), and optimization (run_loop.py). It also executes the claude CLI tool to test how successfully a skill is triggered by various queries.
  • [COMMAND_EXECUTION]: The generate_review.py script manages local processes using lsof and os.kill to ensure the review server can bind to its designated local port.
  • [DYNAMIC_EXECUTION]: The tool dynamically writes and unlinks temporary command files in the .claude/commands/ directory to test skill triggering behavior during the evaluation loop.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes user-provided intent and feedback to generate new agent instructions. It implements safety checks in quick_validate.py, such as prohibiting angle brackets in descriptions to prevent certain injection vectors, and employs a separate 'Grader' agent to verify the correctness of outputs against defined assertions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 06:06 PM