lovstudio-skill-optimizer

Warn

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a series of shell commands automatically, including git add, git commit, git push, and several python3 scripts. It specifically directs the agent to operate in a 'fully automatic' mode without interactive prompts, which reduces user oversight.
  • [DATA_EXFILTRATION]: The workflow includes a synchronization step that pushes local code and changes to various remote GitHub repositories (e.g., lovstudio/skills, lovstudio/general-skills). While targeting vendor-related repositories, this represents an automated network data transfer capability.
  • [PROMPT_INJECTION]: The skill uses strong directives to override typical agent behavior, such as 'Do not ask the user for options' and 'Do not print a trailing summary'. It also presents an indirect prompt injection surface by processing content from other skill files as input for optimization without boundary markers or sanitization.
      • Ingestion points: Reads SKILL.md, README.md, and Python scripts from target skill directories (SKILL.md Step 2).
      • Boundary markers: No delimiters or safety warnings are used when processing external file content.
      • Capability inventory: Uses the Edit tool to modify files and bash to execute shell commands and git operations (SKILL.md Step 3, 5, 7).
      • Sanitization: No validation or sanitization of content read from external skill files.
  • [REMOTE_CODE_EXECUTION]: The agent is instructed to directly edit existing Python scripts and then execute them (or other scripts in the repository) to perform tasks. This modification-and-execution pattern allows for the execution of dynamically generated code.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 23, 2026, 04:46 PM