antislop

Pass

Audited by Gen Agent Trust Hub on Jun 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The install.sh script automates the setup process by creating directories and copying files within the user's home directory. This is standard behavior for skill installation.
  • [EXTERNAL_DOWNLOADS]: The skill instructions include a 'Pattern Refresh Protocol' that fetches data from Wikipedia's public API. These requests target a well-known service to keep the skill's detection database updated with the latest community research.
  • [PROMPT_INJECTION]: As an editing tool, this skill processes untrusted user-provided text. It currently lacks explicit boundary delimiters or instructions for the agent to ignore commands embedded in that text, which is an inherent surface for indirect prompt injection.
  • Ingestion points: User-provided text for auditing (documented in SKILL.md).
  • Boundary markers: None identified; the skill directly interpolates user content into its workflow.
  • Capability inventory: The skill uses Read, Edit, and Write tools to modify text files.
  • Sanitization: None; the skill is designed to evaluate the writing style of the input as-is.
  • [REMOTE_CODE_EXECUTION]: Automated tools flagged a pattern where remote data from Wikipedia is piped to a local Python interpreter. Analysis confirms this is used solely for parsing JSON data from a trusted source using a static script, and it does not involve executing the remote content as code.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 1, 2026, 07:21 AM
Security Audit — agent-trust-hub — antislop