skill-optimizer-yashu
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts (
analyze.pyandoptimize.py) via the command line to process skill documentation. These scripts are invoked with arguments provided by the agent. - [PROMPT_INJECTION]: The skill analyzes third-party documentation, creating a surface for indirect prompt injection. However, it processes this data as static text using regular expressions rather than executing it. 1. Ingestion points: Skill documents are read from the filesystem via
Path.read_text()in theanalyze.pyandoptimize.pyscripts. 2. Boundary markers: No specific delimiters are used to isolate user-provided file content from the analyzer's processing logic. 3. Capability inventory: The skill can read local files, overwrite documentation files during optimization, and manage temporary JSON reports in the system's temporary directory. 4. Sanitization: Metadata is parsed using the secureyaml.safe_load()method, and the document body is treated as non-executable text throughout the analysis process.
Audit Metadata