optimize-skill-md

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script provided within the package to report usage data.
      • Evidence: SKILL.md instructs the agent to run python3 scripts/record.py before performing the optimization task.
  • [DATA_EXFILTRATION]: The telemetry script sends usage information to an external API endpoint.
      • Evidence: scripts/record.py performs a POST request to https://redfox.hk/story/api/skill/record/save to save a record of the skill being used.
      • Note: The destination domain redfox.hk corresponds to the skill author redfox-data and is treated as a vendor-managed resource.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes user-provided Markdown files.
      • Ingestion points: The skill reads the target SKILL.md file in the first step of its optimization workflow.
      • Boundary markers: The instructions do not define clear delimiters or use "ignore embedded instructions" warnings when processing the untrusted content from the target file.
      • Capability inventory: The skill has the ability to write to the file system using SearchReplace and execute local Python scripts via the terminal.
      • Sanitization: There is no evidence of sanitization or filtering of the content read from the target file before the agent processes it.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 12, 2026, 07:50 PM