optimize-skills
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The file scripts/render-dot.py contains a relative path traversal string (../../../scripts/render-dot.py) instead of executable code. This pattern indicates an attempt to invoke a script from a parent directory, which may bypass directory-level isolation or execute unverified logic depending on the host environment's handling of such files.
- REMOTE_CODE_EXECUTION (MEDIUM): The skill instructs the agent to execute scripts/render-dot.py to process DOT diagrams. Because the script's actual implementation is external to the skill package (referenced via path traversal), its safety cannot be verified during static analysis.
- PROMPT_INJECTION (LOW): This skill is a utility for processing and optimizing other AI skills, which constitutes a surface for Indirect Prompt Injection (Category 8).
  - Ingestion points: The skill reads and audits SKILL.md files and .dot files from the local environment.
  - Boundary markers: There are no instructions provided to use XML delimiters or safety headers when the agent reads external skill files.
  - Capability inventory: The skill possesses the ability to execute scripts and write/modify files in the workspace.
  - Sanitization: The instructions lack specific guidance on sanitizing or escaping content found in the skills being optimized.
Audit Metadata