ai-cost-optimizer
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to ingest and process large codebase data which could contain malicious instructions.\n
- Ingestion points: fullRepoData variable in SKILL.md used for context caching.\n
- Boundary markers: Present; uses XML tags (<system_instruction>) to isolate roles and constraints.\n
- Capability inventory: Limited to model.generateContent for task execution and cacheManager for storage. No high-privilege write or execution capabilities were detected in the provided code patterns.\n
- Sanitization: No explicit sanitization or filtering of the ingested context is described in the implementation logic.\n- [DATA_EXFILTRATION] (SAFE): No unauthorized network activity or sensitive data exposure patterns were detected. The skill uses standard Google GenAI context caching methods.\n- [REMOTE_CODE_EXECUTION] (SAFE): No unverified downloads or remote script execution commands were identified. The tools mentioned (e.g., Repomix, bun) are provided as recommendations for manual use.
Audit Metadata