skills/seqis/openclaw-skills-converted-from-claude-code/agent-performance-optimizer/Gen Agent Trust Hub
agent-performance-optimizer
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it is designed to ingest and analyze potentially untrusted data from application source code, logs, and network responses.
- Ingestion points: Data enters the agent context through file reading and network tools like curl and wrk.
- Boundary markers: The instructions lack specific delimiters or warnings to disregard instructions found within the data being profiled.
- Capability inventory: The agent has access to the Bash tool and file modification capabilities, which increases the potential impact of a successful injection.
- Sanitization: There is no requirement or evidence of sanitization for the data processed from the environment.
- [COMMAND_EXECUTION]: The skill instructs the agent to use the Bash tool to run various system monitoring and load testing utilities.
- Evidence: Commands such as top, ps, free, and wrk are explicitly included in the workflow. While consistent with the specialist role, this requires active use of shell execution capabilities.
Audit Metadata