grey-haven-performance-optimization
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill possesses a high-risk attack surface due to its core function of processing untrusted external content (user codebase) while having write and execution permissions.
  - Ingestion points: The agent uses 'Read', 'Grep', and 'Glob' to ingest arbitrary source code and configuration files.
  - Boundary markers: None. The skill lacks instructions to delimit or ignore embedded instructions within the code being optimized.
  - Capability inventory: The skill is granted 'Bash', 'Write', and 'MultiEdit' tools, enabling both filesystem modification and command execution.
  - Sanitization: None. There is no evidence of sanitization or validation of the content processed from external files.
- [Command Execution] (MEDIUM): The 'Bash' tool is explicitly allowed in the metadata. While useful for profiling and benchmarking, it provides a direct path for executing arbitrary code if the agent is manipulated by instructions found within the code it is analyzing.
Recommendations
- AI detected serious security threats