simplify
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection by design. It instructs the agent to seek out and follow instructions from files within the repository being analyzed.
  - Ingestion points: The skill explicitly tells the agent to read and follow `AGENTS.md` files and any local `simplify` skill defined in the repository (`SKILL.md`).
  - Boundary markers: There are no boundary markers or instructions to treat the content of these files as untrusted; the instructions specifically state to "apply that addendum" from local skills.
  - Capability inventory: The skill has the capability to execute shell commands via the verification step (tests, lint, typecheck) and can launch subagents using the `Task` tool.
  - Sanitization: There is no mention of sanitizing or validating the instructions retrieved from the repository files before execution.
- [COMMAND_EXECUTION]: The skill's workflow includes a verification phase that involves running arbitrary shell commands.
  - Evidence: In `SKILL.md`, the "Verification" section requires the agent to run "targeted tests", "typecheck", or "lint" commands. While these are intended for safety, they represent a command execution vector that could be exploited if the agent's context is compromised via prompt injection.
Audit Metadata