code-optimizer

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions include shell commands for synchronizing the local repository state with the remote origin using git fetch, git pull, and git stash in SKILL.md. These are standard developer operations required for the skill's stated purpose of modifying code.
  • [EXTERNAL_DOWNLOADS]: The README.md provides installation instructions that reference the author's GitHub repository and NPM packages. These are standard distribution channels for the vendor's own tools.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes untrusted user-provided source code.
      • Ingestion points: Target code file(s) or directory are read into the agent context in the Analysis phase (SKILL.md).
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified for the ingested content.
      • Capability inventory: The skill has the capability to execute git commands and perform file write operations to apply optimizations.
      • Sanitization: The skill includes a mandatory safeguard requiring explicit user approval before any optimization fixes are applied.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 02:39 PM