skills/marcoax/skills/skill-optimizer/Gen Agent Trust Hub

skill-optimizer

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection. It is designed to read and summarize files from other skills provided by the user or found on the filesystem. If a target skill contains malicious instructions, the agent may inadvertently follow them because there are no boundary markers or sanitization procedures.
      • Ingestion points: In Step 0 of SKILL.md, the agent reads SKILL.md and other files from the user-selected skill folder.
      • Boundary markers: No delimiters or safety instructions are used to separate the content of the skill being analyzed from the agent's system prompt.
      • Capability inventory: The agent has the ability to list directories (ls), read files, and write files to the filesystem.
      • Sanitization: No sanitization is performed on the content of the skill files before they are processed.
  • [COMMAND_EXECUTION]: The skill uses hardcoded, environment-specific paths (/sessions/tender-keen-ramanujan/mnt/.skills/skills/) for directory listing and output storage. This practice can leak information about the author's environment and may cause the skill to fail or interact with unintended locations if used in different environments.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 23, 2026, 09:48 AM