prompt-optimizer

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE, NO_CODE
Full Analysis
  • [SAFE]: The skill instructions do not contain any patterns associated with malicious activity, obfuscation, or safety bypass. All guidance is focused on legitimate prompt engineering tasks.
  • [NO_CODE]: No Python or Node.js scripts, binary executables, or system configuration files are included. The skill relies entirely on natural language instructions for the AI agent.
  • [EXTERNAL_DOWNLOADS]: The skill does not reference or attempt to download any external resources, packages, or remote scripts.
  • [DATA_EXFILTRATION]: There are no capabilities for network communication or accessing sensitive local files such as environment variables or credentials.
  • [PROMPT_INJECTION]: While the skill takes user input to optimize, it does not instruct the agent to ignore its own safety guidelines. The 'Negative Constraints' section provides stylistic rules for the generated output (e.g., avoiding excessive fluff) rather than attempting to jailbreak the model.
  • [INDIRECT_PROMPT_INJECTION]:
      1. Ingestion points: User-provided prompts enter the context through the '接收请求' (Receive Request) phase.
      2. Boundary markers: No explicit delimiters or sanitization rules are defined for the user input.
      3. Capability inventory: No subprocesses, network calls, or file writes are present in the skill.
      4. Sanitization: No input filtering is implemented.
    Despite the ingestion surface, the lack of system capabilities makes this surface non-exploitable.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 05:04 PM