skill-optimizer

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes historical user corrections (trajectories) stored in a local SQLite database to refine and optimize skill instructions. This creates a surface where malicious instructions embedded in the historical data could be promoted into the final skill content.
      • Ingestion points: ~/.pro-workflow/data.db (specifically learn-rule rows).
      • Boundary markers: No specific delimiters or validation logic for the input trajectories are described in the process.
      • Capability inventory: The skill has the capability to overwrite SKILL.md files and make network requests to external AI model providers.
      • Sanitization: No sanitization or filtering of the input data is mentioned before it is processed by the optimizer LLM.
  • [COMMAND_EXECUTION]: The skill executes local commands to interact with a SQLite database (sqlite3) and provides a command-line interface (/skill-optimize) for the optimization process.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 14, 2026, 06:28 AM