entity-optimizer
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute local Python scripts found in the
${CLAUDE_PLUGIN_ROOT}to fetch entity data. - Evidence: Commands such as
python3 "${CLAUDE_PLUGIN_ROOT}/scripts/connectors/kg.py" reconcile "<entity>"are used to interface with the Knowledge Graph API. - These operations are restricted to internal helper scripts and are used solely for the skill's primary purpose of entity optimization.
- [PROMPT_INJECTION]: The skill processes information from external sources (Wikidata, Wikipedia, GDELT), creating an attack surface for indirect prompt injection.
- Ingestion points: Results from the Knowledge Graph API and GDELT news mentions are incorporated into the agent's context during audits.
- Boundary markers: Explicit boundary markers for external data are not specified in the instructions.
- Capability inventory: The skill can execute local scripts and write entity profiles to the
memory/entities/folder. - Sanitization: Data from well-known and reputable services (Wikidata, GDELT) is ingested to provide entity health scores and signal analysis. This is a low-risk pattern given the trusted nature of the data sources.
Audit Metadata