prompt-optimizer
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill instructions explicitly direct the agent to run python3 scripts/evaluate.py "Your prompt here" and python3 scripts/optimize.py "Your prompt here". This pattern is highly susceptible to command injection if the agent fails to escape shell metacharacters (e.g., ;, &, |, `) in the user-provided prompt string.
- [REMOTE_CODE_EXECUTION] (HIGH): By allowing arbitrary command execution through shell injection, an attacker can execute arbitrary scripts, download malicious payloads, or compromise the agent's environment.
- [DATA_EXFILTRATION] (MEDIUM): While no explicit exfiltration code is present in the markdown, the command execution vulnerability enables an attacker to access environment variables and local files (like ~/.ssh or .env), and to transmit them to external servers using common system utilities like curl or wget.
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill's core function is processing untrusted external data (user prompts).
  - Ingestion points: The "Your prompt here" placeholder in SKILL.md identifies where untrusted data enters the agent context.
  - Boundary markers: The instructions provide no delimiters or sanitization guidelines for the agent to follow when passing this data to the shell.
  - Capability inventory: The skill utilizes python3 subprocess calls via scripts/evaluate.py and scripts/optimize.py, as documented in SKILL.md.
  - Sanitization: There is no evidence of input validation or escaping mechanisms to prevent adversarial content from influencing the command line execution.
Recommendations
- AI detected serious security threats
Audit Metadata