optimizing-skills
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a workflow susceptible to indirect prompt injection (Category 8) through its ingestion of external data during the optimization process.
- Ingestion points: Untrusted task prompts from the 'held-out check set' (SKILL.md) and 'failed task transcripts' (references/skillopt-provenance.md) are used as inputs for evaluation.
- Boundary markers: The skill's instructions for using the Agent tool (SKILL.md, references/skillopt-provenance.md) do not mandate the use of delimiters or 'ignore instructions' warnings for interpolated task content.
- Capability inventory: The skill utilizes the
Agenttool to execute subagents with potentially tainted data and theEdittool to modify the local skill file content based on the resulting analysis. - Sanitization: There is no requirement for sanitization or validation of the untrusted task content before it is processed by subagents to generate skill edits.
Audit Metadata