meta-optimize

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements an outer-loop optimization pattern that ingests historical logs, creating a surface for indirect prompt injection.
    • Ingestion points: The skill reads .aris/meta/events.jsonl, which contains raw user prompts, tool inputs, and error messages from previous sessions.
    • Boundary markers: In Step 4, when sending data to an external reviewer model (mcp__codex__codex), the skill interpolates evidence from the usage logs into the prompt without utilizing strict delimiters or boundary markers to isolate untrusted content.
    • Capability inventory: The skill possesses extensive capabilities, including full Bash access and the ability to Write and Edit skill files, which are the primary instructions for the agent.
    • Sanitization: There is no evidence of sanitization or escaping of the log data before it is presented to the reviewer model to prevent historical malicious prompts from affecting future optimization decisions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 18, 2026, 06:06 PM