deslop
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to automate code analysis (using tools like staticcheck, knip, and madge) and manage version control via Git (git status, git checkout, git commit). These operations are essential to the skill's refactoring workflow and are guarded by safety checks that ensure a clean working directory before proceeding.
- [EXTERNAL_DOWNLOADS]: The skill automatically installs necessary development utilities from official package registries, including npx (NPM), gem install (RubyGems), and go install (Go toolchain). These represent trusted sources for developer tooling and are standard practice for the supported languages.
- [DATA_EXPOSURE]: The skill performs whole-program analysis by reading codebase contents. While this creates a theoretical surface for indirect prompt injection from analyzed code, the risk is mitigated by the skill's specific focus on removing unnecessary commentary and its requirement for high-confidence findings before applying automated changes.
Audit Metadata