skill-optimizer
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes historical user corrections (trajectories) stored in a local SQLite database to refine and optimize skill instructions. This creates a surface where malicious instructions embedded in the historical data could be promoted into the final skill content.
  - Ingestion points: ~/.pro-workflow/data.db (specifically learn-rule rows).
  - Boundary markers: No specific delimiters or validation logic for the input trajectories are described in the process.
  - Capability inventory: The skill has the capability to overwrite SKILL.md files and make network requests to external AI model providers.
  - Sanitization: No sanitization or filtering of the input data is mentioned before it is processed by the optimizer LLM.
- [COMMAND_EXECUTION]: The skill executes local commands to interact with a SQLite database (sqlite3) and provides a command-line interface (/skill-optimize) for the optimization process.