prompt-optimizer
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- [METADATA_POISONING]: The skill contains a simulated security scan file (.security-scan-passed) that claims the content has been verified by external tools like gitleaks. This is a deceptive self-authoritative safety claim intended to mislead auditors or users regarding the skill's security status.
- [INDIRECT_PROMPT_INJECTION]: The skill's primary function is to ingest untrusted user requirements and interpolate them into a structured 'enhanced prompt' output, creating a surface for indirect prompt injection.
- Ingestion points: Untrusted data enters the agent context via the 'Original Requirement' input described in SKILL.md (Step 1 and Step 6) and demonstrated in references/examples.md.
- Boundary markers: The skill uses standard Markdown headers (e.g., # Role, ## Skills) as structural delimiters in the generated output, but lacks explicit instructions or escape sequences to prevent the agent from obeying instructions embedded within the user-provided requirement.
- Capability inventory: The skill does not possess dangerous capabilities such as subprocess execution, file-system writing, or network operations; it is limited to text transformation.
- Sanitization: No evidence of sanitization, escaping, or validation of the external requirement content was found in the provided files.
Audit Metadata