lovstudio-skill-optimizer
Warn
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a series of shell commands automatically, including
git add,git commit,git push, and severalpython3scripts. It specifically directs the agent to operate in a 'fully automatic' mode without interactive prompts, which reduces user oversight.- [DATA_EXFILTRATION]: The workflow includes a synchronization step that pushes local code and changes to various remote GitHub repositories (e.g.,lovstudio/skills,lovstudio/general-skills). While targeting vendor-related repositories, this represents an automated network data transfer capability.- [PROMPT_INJECTION]: The skill uses strong directives to override typical agent behavior, such as 'Do not ask the user for options' and 'Do not print a trailing summary'. It also presents an indirect prompt injection surface by processing content from other skill files as input for optimization without boundary markers or sanitization.\n - Ingestion points: Reads
SKILL.md,README.md, and Python scripts from target skill directories (SKILL.md Step 2).\n - Boundary markers: No delimiters or safety warnings are used when processing external file content.\n
- Capability inventory: Uses the
Edittool to modify files andbashto execute shell commands and git operations (SKILL.md Step 3, 5, 7).\n - Sanitization: No validation or sanitization of content read from external skill files.- [REMOTE_CODE_EXECUTION]: The agent is instructed to directly edit existing Python scripts and then execute them (or other scripts in the repository) to perform tasks. This modification-and-execution pattern allows for the execution of dynamically generated code.
Audit Metadata