skill-optimizer
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to perform file permission modifications, specifically adding the execute bit (chmod +x) to shell scripts found within the target skill directory during the optimization phase.
- [PROMPT_INJECTION]: Indirect Prompt Injection surface. The skill is designed to ingest and process instructions and content from untrusted external skill files to perform audits and generate optimized code/instructions.
- Ingestion points: The agent is directed to read the full contents of a user-specified skill directory, including SKILL.md and files within the references/, assets/, and scripts/ subdirectories (Phase 1, Step 1).
- Boundary markers: There are no explicit instructions to wrap ingested content in delimiters or to ignore potential instructions embedded within the target files.
- Capability inventory: The skill utilizes file system read and write operations, as well as permission modifications (chmod) through the agent's environment.
- Sanitization: No sanitization or validation of the untrusted skill content is described before it is used to plan optimizations or generate new script content.
Audit Metadata