unslop
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install an external CLI tool from a public registry (PyPI).
- Evidence: Installation commands 'pipx install unslop' and 'uv tool install unslop' in SKILL.md.
- [COMMAND_EXECUTION]: The skill utilizes shell commands to pipe text through the 'unslop' binary for processing.
- Evidence: Command patterns such as 'cat draft.md | unslop --stdin --deterministic' in SKILL.md.
- [PROMPT_INJECTION]: The skill processes untrusted text input, establishing an ingestion surface for indirect prompt injection. This is mitigated by the tool's intended use as a post-processor and the availability of a deterministic mode.
- Ingestion points: Reads text from stdin or files (e.g., 'cat draft.md') in SKILL.md.
- Boundary markers: None present in the command examples.
- Capability inventory: Executes the 'unslop' CLI tool.
- Sanitization: None described; the skill relies on the internal implementation of the 'unslop' package.
Audit Metadata