skill-optimize
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements 'Mode detection' logic that allows the agent to skip the mandatory plan approval step when the keywords 'auto' or 'trust me' are detected in the arguments. This could be exploited to execute changes without user verification.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface: The skill is vulnerable to instructions embedded in the data it processes. Evidence:
  1. Ingestion points: The skill ingests untrusted data from the '$PROMPT' argument and from existing files within the '.claude/skills/' directory.
  2. Boundary markers: While the prompt is wrapped in XML tags, there are no instructions telling the agent to ignore or isolate instructions found within the skill files being optimized.
  3. Capability inventory: The skill can read and write files and can delegate tasks to other functional skills such as 'skill-creator'.
  4. Sanitization: No sanitization, validation, or escaping of input data is performed before processing.
Audit Metadata