prompt-optimizer
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): The skill instructions focus on improving prompt quality and logic. There are no patterns suggesting attempts to bypass safety filters, extract system prompts, or override agent constraints.
- [Data Exposure & Exfiltration] (SAFE): No evidence of sensitive file path access or network operations (curl, wget, fetch) was found.
- [Indirect Prompt Injection] (INFO): The skill is designed to ingest untrusted user-provided prompts for optimization. Mandatory Evidence: 1. Ingestion: User input (SKILL.md); 2. Boundary: No explicit delimiters for untrusted input; 3. Capabilities: None (no code execution or file writes); 4. Sanitization: None. As the output is for display only and lacks side-effect capabilities, the severity is minimal.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): No external package managers or remote code execution patterns were detected.
- [Dynamic Execution] (SAFE): The skill contains no executable code, eval/exec calls, or unsafe deserialization logic.
Audit Metadata