sensei
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- Credential Access: The optimization script utilizes the GitHub CLI (gh auth token) to retrieve an authentication token for the GitHub Models inference endpoint. This is a standard practice for development tools in this environment to facilitate model-based optimization steps.
- Automated Command Execution: The skill workflow involves executing various shell commands, including Node.js package scripts (npm test, npm run references) and Git operations (git commit). These are integral to the automated testing and version control steps of the skill's improvement loop.
- File System Access: To perform its optimization tasks, the skill reads from and writes to the local project directory. Specifically, it updates SKILL.md files and test files to ensure they meet specified frontmatter standards.
- Indirect Prompt Injection Surface: The skill acts as an automated refactoring tool that processes existing frontmatter and test code. While this represents an indirect prompt injection surface, the tool mitigates risk by using structured scoring rules and evolutionary algorithms to process these files.