rsc-data-optimizer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): Significant risk of Indirect Prompt Injection (Category 8) due to the skill's design.
  - Ingestion points: The skill instructs the agent to search and read local user files (Next.js components) using grep-like patterns.
  - Boundary markers: None. There are no delimiters or instructions provided to the agent to distinguish between legitimate code and potential malicious instructions embedded in comments or strings within the files.
  - Capability inventory: The agent is instructed to refactor code, which involves the high-privilege operations of reading and overwriting files on the local filesystem.
  - Sanitization: None. Content from processed files is interpolated into the agent's reasoning context without any filtering or validation.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill is sourced from an unverified repository (julianromli/ai-skills) that is not part of the Trusted External Sources list, meaning its contents have not been vetted for security or reliability.
- [COMMAND_EXECUTION] (LOW): The skill documentation includes the use of shell commands ('rg' or ripgrep) to perform local filesystem searches. While standard for development tasks, this confirms the reliance on shell execution capabilities to access user data.
Recommendations
- AI detected serious security threats