skill-optimizer

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The run_eval.py script uses subprocess.Popen to programmatically execute the claude CLI tool to test skill triggers. While it uses a list for arguments to mitigate shell injection, it executes system-level commands using inputs derived from local configuration files.
  • [EXTERNAL_DOWNLOADS]: The scrape_documentation_helper.py and references/documentation-scraping.md files explicitly guide users to clone and execute Skill_Seekers from a third-party GitHub repository (yusufkaraaslan/Skill_Seekers) that is not a verified vendor.
  • [EXTERNAL_DOWNLOADS]: The eval-viewer/viewer.html file loads a production build of the SheetJS library from a remote CDN (cdn.sheetjs.com) for spreadsheet rendering.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the evals.json input.
      • Ingestion points: run_eval.py reads test queries from evals/evals.json (or any user-provided path).
      • Boundary markers: None. The queries are passed directly to the CLI command.
      • Capability inventory: Subprocess execution of the claude CLI and automated LLM-based description improvement using the Anthropic API.
      • Sanitization: None. Queries from the JSON file are interpolated directly into the command line execution and LLM prompts.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 02:16 PM