optimize-prompt-token-efficiency
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from local files and processing it through subagents.
- Ingestion points: Content is read from user-specified file paths (.md, .txt, .yaml, .json) using the Read tool in Phase 1.
- Boundary markers: The skill does not employ delimiters or explicit instructions to the subagents to ignore embedded commands within the ingested content.
- Capability inventory: The skill uses the Read, Write, and Task tools, and executes shell commands (mv) to modify the filesystem.
- Sanitization: There is no evidence of sanitization, escaping, or validation of the input file content before it is interpolated into prompts for the verifier and optimizer agents.
- [COMMAND_EXECUTION]: In Phase 4.2, the skill uses a shell command (mv) to perform an atomic replacement of the original source file with the generated content. While this is a common utility pattern, it grants the skill direct control over filesystem paths via shell execution.
Audit Metadata