ln-813-optimization-plan-validator
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted data from
.hex-skills/optimization/{slug}/context.md(specifically the 'hypotheses' and 'research' sections) and materializes this context for other agents and workers. Malicious instructions embedded in these hypotheses could influence the behavior of the launched agents or the research/refinement workers. - Ingestion points: Ingests data from
SKILL.mdvia the.hex-skills/optimization/{slug}/context.mdfile path. - Boundary markers: No explicit boundary markers or 'ignore embedded instructions' delimiters are defined for the ingested context data.
- Capability inventory: The skill can invoke other skills (
ln-311-review-research-worker,ln-316-review-refinement-worker) and launch external agents, providing them with the potentially poisoned context. - Sanitization: No evidence of sanitization or validation of the input strings before they are interpolated into worker/agent prompts.
Audit Metadata