desloppify

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the desloppify CLI tool from a third-party GitHub repository (github.com/peteromallet/desloppify.git) using uvx or pip. This involves downloading and executing code from an external source not affiliated with a trusted platform vendor.
  • [PROMPT_INJECTION]: The skill explicitly instructs the agent to "Follow the scan output's INSTRUCTIONS FOR AGENTS — don't substitute your own analysis." This directive creates a significant surface for indirect prompt injection. If an attacker places malicious instructions within the codebase being scanned (e.g., in documentation or code comments), the desloppify scanner may echo these instructions in its output. Because the agent is told to obey the tool's instructions and not use its own judgment, it may execute those injected commands.
  • Ingestion points: Data enters the agent's context through the output of desloppify scan, desloppify next, and desloppify review.
  • Boundary markers: Absent. The skill instructions specifically tell the agent to prioritize the tool's instructions over its own analysis.
  • Capability inventory: The agent has access to the file system, git commands, the gh CLI, and the desloppify tool itself.
  • Sanitization: There is no mention of sanitizing or validating the output of the tool before the agent acts upon its instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 05:52 PM