optimize-prompt
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Interacts with the vendor's official domains (
api.orq.ai,docs.orq.ai, andmy.orq.ai) to fetch prompt data and documentation. These operations are essential for the skill's functionality and target trusted infrastructure. - [COMMAND_EXECUTION]: Provides instructions for using
curlto interact with the orq.ai HTTP API as a fallback. These commands correctly utilize environment variables ($ORQ_API_KEY) for authentication rather than hardcoding secrets. - [PROMPT_INJECTION]: The skill processes untrusted system prompts during the analysis and optimization phase, presenting a surface for indirect prompt injection. However, it incorporates mitigation strategies such as mandatory diff reviews, explicit instructions to preserve original intent, and strict preservation of template variables (
{{variable_name}}). - Ingestion points: Reads system messages from the orq.ai API or directly from user input in
SKILL.mdworkflows. - Boundary markers: Not explicitly defined for the prompt content, but instructions emphasize literal preservation of variables.
- Capability inventory: Uses
Bash,Write,Edit, andWebFetchtools to manage local files and API communication. - Sanitization: Relies on human-in-the-loop review and diff validation before any changes are applied.
Audit Metadata