chrysopoeia

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection. It is designed to ingest and analyze external codebases using tools like Read, Grep, and Glob. Maliciously crafted code files could contain hidden instructions intended to influence the agent's behavior during the optimization process. The procedure does not specify the use of strict boundary markers or content sanitization when interpolating code content into the analysis flow.
  • [COMMAND_EXECUTION]: The skill requires the Bash tool to perform performance profiling and benchmarking in Step 1 and Step 3. This necessitates the execution of the code being analyzed. If an attacker provides a malicious codebase for optimization, the benchmarking process could trigger the execution of arbitrary commands within the agent's runtime environment. This risk is tied to the primary purpose of the skill as a developer tool.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 27, 2026, 10:51 PM