lovstudio-skill-optimizer

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands for maintenance workflows, including git add, git commit, git push, and rsync --delete. These commands are used to synchronize skill files between source and distribution repositories within the vendor's environment.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8) because it reads and processes external data (the content of other skills) to perform optimizations. If a target skill contains malicious instructions, they could influence the agent's behavior during the optimization process.
      ◦ Ingestion points: Processes SKILL.md, README.md, and scripts from the target skill being optimized in Step 3: Apply fixes directly.
      ◦ Boundary markers: None; the skill does not use delimiters or instructions to ignore embedded prompts in target files.
      ◦ Capability inventory: High; the skill has file-write permissions via the Edit tool and command execution capabilities (git, rsync, python3).
      ◦ Sanitization: None; content from external skills is used directly to determine and apply fixes.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 06:50 AM