optimizespec-new
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE]: The skill consists entirely of instructional markdown and configuration templates. It does not contain any executable scripts, binaries, or active code components.
- [SAFE]: The workflow is designed for a development environment to help structure optimization tasks. The instructions for repository inspection and file creation align with the stated purpose of setting up evaluation artifacts.
- [DATA_EXPOSURE]: The skill directs the agent to read from the local repository and a relative sibling path (
../optimizespec-common/). This file access is necessary for the skill to perform its intended task of identifying runtimes and dependencies for the optimization proposal. - [INDIRECT_PROMPT_INJECTION]: The skill possesses a data ingestion surface by reading external repository files and sibling directories. While it lacks explicit boundary markers or sanitization for this ingested data, the risk is minimized as the workflow concludes with the creation of a static markdown proposal document rather than the execution of derived commands.
Audit Metadata