optflow
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data by scanning repository files to identify optimization points. This creates a surface for indirect prompt injection if the analyzed code contains malicious instructions.
- Ingestion points: Workflow Step 0 in
SKILL.mdinvolves scanning the repository content. - Boundary markers: None explicitly defined to separate untrusted repository content from instructions.
- Capability inventory: The skill is authorized to perform file writes (to execute optimizations) and shell command execution (to run test matrices and validation checks defined in
references/delivery-base.md). - Sanitization: No explicit sanitization or instruction filtering for the scanned content is mentioned.
- [COMMAND_EXECUTION]: The skill performs automated shell command execution for testing and verification as part of its core functionality.
- Evidence:
references/delivery-base.mdspecifies running 'mapped step checks' and 'relevant checks immediately after code change' to validate implementation. - Safety Context: These operations are restricted to the repository's local environment and are intended for standard development tasks such as running test suites (unit, integration, E2E).
Audit Metadata