complexity-optimizer
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted source code from external repositories for analysis and optimization. This provides a surface for indirect prompt injection where malicious instructions could be embedded in the code (e.g., in comments) to influence the agent's refactoring output.
- Ingestion points: scripts/analyze_complexity.py reads file contents from the target repository specified by the user.
- Boundary markers: The instructions do not define specific delimiters for separating the analyzed code from the agent's internal instructions.
- Capability inventory: The agent is instructed to read files, run a local Python scanner, propose optimizations, and execute test/build commands to verify changes.
- Sanitization: The scanner utilizes the Python ast module for structure analysis, which is safe, but the agent's final reasoning could be influenced by malicious content within the scanned files.
- [SAFE]: The bundled analysis script (scripts/analyze_complexity.py) operates entirely locally using standard Python libraries. No evidence of hardcoded credentials, remote code downloads, or persistence mechanisms was found. The skill follows best practices for codebase auditing by emphasizing behavior preservation and testing.
Audit Metadata