Skills
skills/ttokit/claude-skills/skill-optimizer/Gen Agent Trust Hub

skill-optimizer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted markdown data (external SKILL.md files) and possesses high-impact capabilities like Write, Edit, and Bash.
  • Ingestion points: The skill scans and reads any SKILL.md files within the skills/ directory (Phase 1 & 2).
  • Boundary markers: There are no instructions for the agent to treat the content of the analyzed files as data only or to ignore instructions embedded within them.
  • Capability inventory: The skill has access to Write, Edit, and Bash tools, which can be used to permanently alter the filesystem or execute arbitrary code.
  • Sanitization: There is no mention of sanitizing or escaping the content of the files before they are processed by the agent.
  • COMMAND_EXECUTION (HIGH): The inclusion of the Bash tool in the allowed-tools list, combined with the workflow of analyzing potentially malicious external files, provides an execution vector for an attacker to run system-level commands if the agent is successfully injected.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 10:27 PM