Skills
skills/diegosouzapw/awesome-omni-skill/claude-code-optimizer/Gen Agent Trust Hub

claude-code-optimizer

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [DATA_EXPOSURE]: The skill is designed to audit sensitive configuration files including ~/.claude/settings.json and project-level memory files (CLAUDE.md). These locations may contain environment variables, path configurations, or tool permissions.
  • [COMMAND_EXECUTION]: The skill utilizes high-privilege tools such as Bash, Write, and Task to perform audits and coordinate sub-agents like audit-orchestrator and permissions-auditor.
  • [EXTERNAL_DOWNLOADS]: The metadata installation command fetches the skill definition from a public GitHub repository via curl (raw.githubusercontent.com/vbonk/claude-code-optimizer/main/SKILL.md). This is documented as a reference to a well-known service.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8) because it ingests configuration data that may be controlled by third parties in shared repositories.
  • Ingestion points: Reads CLAUDE.md, .claude/settings.json, and other configuration files in SKILL.md.
  • Boundary markers: No specific delimiters or instructions are provided to distinguish between audited data and the agent's instructions.
  • Capability inventory: The skill employs Bash, Write, and Task tools as documented in SKILL.md.
  • Sanitization: There is no explicit logic for validating or sanitizing the content of the configuration files before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 05:56 AM