optimize-runbook

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill retrieves a sensitive authentication token from the local file path ~/.config/jetty/token to authorize its operations.
  • [DATA_EXFILTRATION]: The authentication token is sent to the flows-api.jetty.io domain via HTTP headers in curl commands. This domain aligns with the author's ('jettyio') vendor resources and is used for retrieving workflow trajectory data.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted workflow execution data and using it to drive modifications to local files.
      • Ingestion points: Workflow data is ingested from /app/trajectory.json in headless mode and from API responses from flows-api.jetty.io in interactive mode.
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat the ingested data as untrusted or to ignore instructions embedded within the JSON content.
      • Capability inventory: The skill utilizes the Edit tool to perform modifications to local runbook files based on the analyzed patterns.
      • Sanitization: No sanitization or validation of the text content within the trajectory data is performed before it is used to generate file edits.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 09:26 PM