optimize-agent-docs
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted documentation as a primary input.
  - Ingestion points: The skill explicitly inventories and reads content from project-specific files such as `CLAUDE.md` and `AGENTS.md`, and from directories such as `.cursor/` and `.claude/`.
  - Boundary markers: No explicit delimiters or system-level instructions are provided to ensure the agent ignores executable instructions found within the documentation files it is processing.
  - Capability inventory: The agent is instructed to extract facts and "Critical Rules" and write them into a `KNOWLEDGE.md` manifest, which could allow a malicious instruction in a source file to be promoted to a high-priority agent rule.
  - Sanitization: There is no evidence of sanitization or content validation applied to the data before it is re-integrated into the agent's optimized knowledge base.
- COMMAND_EXECUTION (SAFE): The skill uses standard, read-only shell utilities for file discovery.
  - Evidence: The workflow uses `find` (with a limited `-maxdepth 2`), `grep`, and `wc` to analyze and validate documentation structure. These commands are non-destructive and confined to the local workspace.
Audit Metadata