ln-814-optimization-executor
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill retrieves and executes arbitrary shell commands from the
test_commandande2e_test_commandfields within the.optimization/{slug}/context.mdconfiguration file. - Evidence: Phase 1 (Establish Baseline) and Phase 2 (Strike-First Execution) utilize these dynamically loaded strings as safety gates and benchmarking tools.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it performs high-impact actions—such as modifying source code and executing shell commands—based on instructions ingested from an external configuration file without validation.
- Ingestion points:
.optimization/{slug}/context.md(specifically thehypotheses,test_command, ande2e_test_commandfields). - Boundary markers: No markers or 'ignore' instructions are used to separate the configuration data from the agent's logic.
- Capability inventory: The skill has the ability to modify multiple files across the repository (
APPLY all uncontested hypotheses) and execute subprocesses (test_command). - Sanitization: There is no evidence of command sanitization, path validation, or instruction filtering for the content loaded from the context file.
Audit Metadata