skill-optimizer
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill inherently processes untrusted data by ingesting and optimizing existing skill files and user-provided test prompts.
- Ingestion points: Processes target
SKILL.mdfiles and external test prompts viaassets/test-prompt-schema.md. - Boundary markers: The skill relies on its own internal logic to maintain "contracts" rather than explicit data delimiters.
- Capability inventory: The skill lacks high-risk capabilities like network access, subprocess calls, or file-writing tools that could be abused via injection.
- Sanitization: None detected, but the process is gated by human review (Approval Gate).
- [DATA_EXFILTRATION]: No network operations (e.g., curl, wget, fetch) or access to sensitive local file paths (e.g., ~/.ssh, ~/.aws, .env) were detected. The skill only interacts with its internal assets and the provided context.
- [REMOTE_CODE_EXECUTION]: The skill does not include any external package dependencies (npm/pip) or patterns for remote script execution.
- [OBFUSCATION]: No hidden content, base64-encoded instructions, zero-width characters, or homoglyph-based obfuscation techniques were identified across the skill's files.
- [COMMAND_EXECUTION]: No shell commands or dynamic context injection patterns (
!commands) were found in the skill definitions.
Audit Metadata