context-optimizer
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- DATA_EXFILTRATION (LOW): The skill accesses sensitive internal configuration files including `~/.claude/mcp.json` and `~/.claude/CLAUDE.md`. These files often contain API keys, authentication tokens, or sensitive system instructions. While no network transmission is initiated, exposing this data to the LLM context is a security risk.
- PROMPT_INJECTION (LOW): Indirect Prompt Injection surface detected. The skill processes untrusted data from the local repository (e.g., `CLAUDE.md`, `AGENTS.md`) and has the capability to delete files or modify the `mcp.json` configuration based on its analysis. An attacker could place malicious instructions in these project files to trick the agent into disabling security tools or deleting important data. Evidence:
  1. Ingestion points: Project `CLAUDE.md` and `AGENTS.md` files.
  2. Boundary markers: Absent.
  3. Capability inventory: Deletion of untracked files and modification of `mcp.json`.
  4. Sanitization: Absent.
- COMMAND_EXECUTION (SAFE): The skill executes `git status` commands to audit the repository state. These are standard diagnostic operations and do not pose a direct threat in this context.
Audit Metadata