NYC

optimize

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and process user-provided code for optimization without visible boundary markers or sanitization. Evidence:
    1. Ingestion points: 'the specified code' from user input.
    2. Boundary markers: absent from the implementation instructions.
    3. Capability inventory: 'Apply optimizations' (file modification) and 'Run tests' (command execution).
    4. Sanitization: absent.
  • [Command Execution] (HIGH): The skill's workflow includes a 'Run tests' step. This implies the agent will execute scripts or binaries associated with the user-provided code, allowing a malicious actor to achieve arbitrary command execution via crafted test suites or build scripts.
  • [Remote Code Execution] (MEDIUM): Although the skill does not explicitly download code in this file, optimizing external code often involves fetching it from remote repositories; combined with the execution of its tests, this facilitates RCE.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:41 PM