skill-optimizer
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill incorporates robust security guardrails, including the mandatory redaction of secrets (API keys, tokens) and the requirement for explicit user confirmation before performing any file edits.\n- [PROMPT_INJECTION]: The skill processes potentially untrusted data from target skill instructions and conversation history to generate optimization proposals. This surface for indirect prompt injection is mitigated by the human-in-the-loop requirement for all proposed changes.\n
- Ingestion points: Target skill definitions (SKILL.md), lessons logs (LESSONS.md), and chat context.\n
- Boundary markers: None; the content is processed directly for diagnostic purposes.\n
- Capability inventory: Reading and modifying local skill files and using interactive user question tools.\n
- Sanitization: Automatic redaction of credentials found in analyzed content.
Audit Metadata