alkosto-wait-optimizer
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill is designed to call a local Python script (
scripts/calc_wait.py) to perform its primary mathematical functions. Although this is consistent with the skill's stated purpose as a calculator, the use ofpython3for execution represents a command-line surface. - [EXTERNAL_DOWNLOADS] (LOW): The README instructs users to install the skill from a personal GitHub repository (
broomva/alkosto-wait-optimizer-skill). This repository is not part of the pre-approved trusted organizations, though it is standard for community-contributed skills. - [PROMPT_INJECTION] (LOW): The skill ingests raw user strings through the
winner_timestampsfield. In the absence of documented sanitization, escaping, or boundary markers, this input surface could theoretically be used for indirect prompt injection if the strings are subsequently interpreted by the agent's logic.
Audit Metadata