geo-optimizer
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a shell command using
findto locate its reference documentation at runtime. - Evidence: The script in
SKILL.mdsearches through multiple paths including~/.claude/plugins,~/.claude/skills, and~/.codex/skills. - [COMMAND_EXECUTION]: The discovery mechanism targets hidden and potentially sensitive directories used by the AI agent platform to store plugins and skills, which could lead to unauthorized discovery of other installed extensions.
- [EXTERNAL_DOWNLOADS]: The documentation in
references/geo-techniques.mddirects users to clone and execute code from third-party GitHub repositories (github.com/AI2HU/gegoandgithub.com/jonradoff/llmopt). These sources are not associated with the skill author or a trusted vendor list. - [DATA_EXFILTRATION]: The skill represents a surface for indirect prompt injection by ingesting untrusted content via
WebFetchor file system access and processing it alongside its own logic. - Ingestion points: URL content fetched via
WebFetchor local files read atStep 3. - Boundary markers: None identified in the prompt templates to distinguish between instructions and untrusted data.
- Capability inventory: Shell command execution (
find) and network operations (WebFetch). - Sanitization: No explicit sanitization or validation of external content is mentioned before processing.
Audit Metadata