rp-optimize-v2

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests untrusted repository content and user input to drive its orchestration logic.
  • Ingestion points: The workflow ingests external data from the $ARGUMENTS parameter and reads project-controlled files including AGENTS.md, test suites, and benchmark configurations during its mapping and optimization phases.
  • Boundary markers: Tool instructions passed to the context_builder are encapsulated within and XML-like tags to separate intent from untrusted codebase data.
  • Capability inventory: The orchestrator can spawn specialized agents for mapping and implementation, execute arbitrary shell commands for testing and benchmarks, and modify the project's file system via file_actions.
  • Sanitization: The skill relies on structural instruction framing and model reasoning rather than programmatic input sanitization to mitigate malicious content in the processed files.
  • [COMMAND_EXECUTION]: Automated Command Execution. The skill is designed to discover and execute shell commands for testing and benchmarking that are derived from documentation and configuration files within the user's workspace.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 03:53 AM
Security Audit — agent-trust-hub — rp-optimize-v2