takt-optimizer
Warn
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a significant surface for indirect prompt injection. It is designed to ingest and process external, untrusted content including workflow YAML files, facets (Markdown), and execution logs.
- Ingestion points: Workflow YAMLs and facets are loaded in 'Step 1: Identify and Load Targets'.
- Boundary markers: There are no explicit boundary markers or instructions to the agent to ignore potentially malicious embedded instructions in the processed files.
- Capability inventory: The skill uses tools like Write, Edit, and Bash in various optimization and validation steps (e.g., the 'implement' and 'audit' steps).
- Sanitization: No sanitization or validation of the ingested content is mentioned before it is interpolated into agent prompts.
- [COMMAND_EXECUTION]: The file scripts/validate-takt-files.sh contains a relative path reference (../../takt-piece-builder/scripts/validate-takt-files.sh) pointing to a location outside the skill's own directory. This constitutes an unverifiable external dependency that may execute unknown code if the referenced directory is present on the user's system.
Audit Metadata