de-sloppify
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted source code comments and TODOs, creating a surface for indirect prompt injection where embedded instructions could influence the agent's actions.
  - Ingestion points: Step 5 uses grep on .cs files, and Steps 3, 4, 6, and 7 use MCP tools to read project diagnostics and code structure.
  - Boundary markers: None; the skill does not define delimiters or warnings to isolate untrusted code content from agent instructions.
  - Capability inventory: The agent can modify or delete files and execute build and test commands.
  - Sanitization: No validation or sanitization is performed on the ingested code content before it is processed.
- [COMMAND_EXECUTION]: The skill requires the execution of local .NET CLI commands to perform its core functions.
  - Evidence: The dotnet format, dotnet build, and dotnet test commands are invoked throughout the 7-step pipeline described in SKILL.md.