optflow
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute automated commands and tests within the repository environment to validate each optimization step. This is a core part of its intended functionality to ensure stability and correctness during the optimization process.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it scans and processes untrusted repository content (Step 0) and uses it to plan changes. Malicious instructions hidden in code comments or files could potentially influence agent behavior.
- Ingestion points: Repository files and documentation scanned during the discovery phase (SKILL.md, Step 0).
- Boundary markers: No explicit instructions are provided to the agent to distinguish between repository data and system instructions or to ignore instructions embedded in the code.
- Capability inventory: The agent has the capability to modify files, stage changes, create git commits, and execute shell commands for testing (referenced in delivery-base.md).
- Sanitization: No explicit sanitization or validation of the repository content is performed before processing.
Audit Metadata