rtk-optimizer
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the
rtkutility usingbrew install rtk-ai/tap/rtkorcargo install rtk. Neither thertk-aiorganization nor the tool's repository are listed as trusted vendors. - [COMMAND_EXECUTION]: The skill's core functionality involves wrapping standard system commands (e.g.,
git,find,pnpm,cargo,gh) with the third-partyrtkbinary. This allows unverified code to intercept and process output from sensitive developer tools and system utilities. - [PROMPT_INJECTION]: The skill introduces a surface for indirect prompt injection by processing command outputs (like
git logor file reads) through an external tool. If those outputs contain malicious instructions, they could influence the agent's subsequent logic. - Ingestion points: The skill processes output from
git log,git status,find,pnpm list,cargo test, and generic file reading commands. - Boundary markers: There are no explicit delimiters or "ignore embedded instructions" warnings provided to the agent when receiving the condensed output from
rtk. - Capability inventory: The agent is authorized to execute a wide variety of shell commands, package manager operations, and file system reads through the tool.
- Sanitization: No evidence of sanitization, validation, or filtering of the processed output is present in the skill instructions.
Audit Metadata