meta-prompting

Warn

Audited by Socket on May 19, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the core prompt-iteration behavior is coherent and mostly benign, but the footprint expands to unverifiable local components and a custom Python engine that may receive API keys. The skill is not overtly malicious and contains no pre-execution payloads or clear exfiltration, yet its undocumented dependency chain and credential-forwarding example make it higher risk than a pure prompt-engineering skill should be.

Confidence: 83%Severity: 66%
Audit Metadata
Analyzed At
May 19, 2026, 11:31 AM
Package URL
pkg:socket/skills-sh/HermeticOrmus%2Fhermetic-claude%2Fmeta-prompting%2F@a5453541a384cefe768b35046854f6fd031f6d05
Security Audit — socket — meta-prompting