optimizing-descriptions
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The "Workflow" section provides a bash and awk script to extract description fields from multiple SKILL.md files for bulk auditing.
- [PROMPT_INJECTION]: The skill processes external description text, creating a surface for indirect prompt injection if those descriptions contain malicious instructions.
- Ingestion points: SKILL.md files in subdirectories via the provided awk script.
- Boundary markers: None; the script extracts raw text from YAML frontmatter.
- Capability inventory: The skill performs local file reading and mentions use of the waxa CLI tool.
- Sanitization: No sanitization is performed on the extracted description content.
Audit Metadata