proj-optimize
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) due to its core functionality of reading local issue logs and generating modifications based on their content.
- Ingestion points: The skill reads optimization requests and issue descriptions from local project files at docs/optimization/pending-issues.md.
- Boundary markers: No explicit delimiters or boundary markers are defined in the instructions to prevent the agent from misinterpreting embedded instructions within the issue logs as its own logic.
- Capability inventory: The skill has the capability to write to project files and modify other agent skill definitions (e.g., in .claude/skills/), which could be exploited to alter agent behavior if malicious inputs are processed.
- Sanitization: This risk is mitigated by a mandatory user confirmation workflow (y/n/s/a) that requires a human to review and approve all proposed changes before any file modifications are executed.
Audit Metadata