skills-optimizer
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes data from external repositories, creating a surface for indirect prompt injection.
- Ingestion points: Reads 'config/skills.yaml' and external files like 'SKILL.md' and scripts.
- Boundary markers: No explicit boundary markers or delimiters are defined.
- Capability inventory: The skill is capable of writing to the local 'config/skills.yaml' file.
- Sanitization: The skill relies on natural language instructions for the agent to conduct security and quality audits.
- [COMMAND_EXECUTION]: The skill workflow involves instructing the user to manually execute the 'task setup-skills' command to finalize configuration updates.
Audit Metadata