simplify-and-harden
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it requires the agent to analyze and process untrusted data (source code and comments) as instructions for its self-review passes.
  - Ingestion points: Source code files and git diffs are analyzed during the Simplify, Harden, and Document passes (referenced in SKILL.md and references/agent-context-snippets.md).
  - Boundary markers: The skill fails to provide boundary markers or specific instructions to the agent to treat the reviewed content as data rather than instructions.
  - Capability inventory: The agent has the ability to read and modify project files, including core configuration and instruction files like CLAUDE.md and AGENTS.md via the 'learning loop' feature.
  - Sanitization: There is no evidence of sanitization, filtering, or validation for the content processed during the review or the patterns promoted to the system instructions.
Audit Metadata