prompt-optimizer
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE PROMPT_INJECTION DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes the contents of untrusted SKILL.md files. Malicious instructions contained within a target file could be reflected in the analysis output or influence an agent that consumes the resulting optimization suggestions.
  - Ingestion points: The skill reads file content in src/index.ts from the path provided via the --input argument.
  - Boundary markers: The skill does not implement boundary markers or delimiters to isolate untrusted file content from the agent's internal instruction context during processing.
  - Capability inventory: The skill has the capability to read from and write to the local filesystem using @agent/core utilities.
  - Sanitization: The skill performs regex-based pattern matching but does not sanitize, escape, or filter the content of the analyzed files before including findings in the output results.
- [DATA_EXFILTRATION]: The skill allows the reading of arbitrary files via the --input flag and can write analysis results to user-specified paths via the --out flag. While no network exfiltration was detected, this provides a mechanism for local data exposure if sensitive files are targeted for analysis.
Audit Metadata