optimizing-skills

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a workflow susceptible to indirect prompt injection (Category 8) through its ingestion of external data during the optimization process.
  • Ingestion points: Untrusted task prompts from the 'held-out check set' (SKILL.md) and 'failed task transcripts' (references/skillopt-provenance.md) are used as inputs for evaluation.
  • Boundary markers: The skill's instructions for using the Agent tool (SKILL.md, references/skillopt-provenance.md) do not mandate the use of delimiters or 'ignore instructions' warnings for interpolated task content.
  • Capability inventory: The skill utilizes the Agent tool to execute subagents with potentially tainted data and the Edit tool to modify the local skill file content based on the resulting analysis.
  • Sanitization: There is no requirement for sanitization or validation of the untrusted task content before it is processed by subagents to generate skill edits.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 06:02 AM
Security Audit — agent-trust-hub — optimizing-skills