plugin-optimization

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8) due to its core function of processing and modifying external directories.
  • Ingestion points: The agent is instructed to analyze and 'fix' files within user-provided directory paths, specifically targeting .md files.
  • Boundary markers: Absent. There are no instructions to use XML tags, delimiters, or 'ignore embedded instructions' prompts when the agent reads content for optimization.
  • Capability inventory: The skill explicitly enables file modification capabilities (via the --auto-fix flag documentation) and directory traversal via the included Python script.
  • Sanitization: Absent. No logic exists to sanitize or validate the content of the markdown files before the agent processes them, allowing malicious instructions within a 'plugin' to hijack the agent's behavior during the optimization process.
  • COMMAND_EXECUTION (LOW): The script scripts/perf_analyzer.py is executed locally to perform file system analysis. While the script uses standard library functions and is not inherently malicious, it allows the agent to perform broad directory traversal based on unvalidated input arguments.
  • DATA_EXPOSURE (INFO): The performance analyzer script collects file size metadata. While not sensitive in a vacuum, this provides an attacker with a mechanism to map file structures on the host system.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 07:20 AM