optimizespec-apply
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and executes instructions from markdown artifacts (such as
tasks.md,proposal.md, anddesign.md) found in theoptimizespec/changes/directory. - Ingestion points: Artifacts located at
optimizespec/changes/<change-name>/. - Boundary markers: There are no explicit delimiters or warnings to ignore embedded instructions within these artifacts.
- Capability inventory: The skill is capable of writing code to the repository and executing arbitrary shell commands through its 'verify' and 'rollout' workflows.
- Sanitization: No sanitization or validation of the artifact content is performed before the agent begins implementing tasks.
- [COMMAND_EXECUTION]: The skill is designed to execute shell commands on the host system as part of the 'verify workflow' and 'live rollout'. While these are intended for testing and verification of the implemented changes, they can be used to execute arbitrary commands if the implementation plan is compromised.
Audit Metadata