auto-simplify

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests and processes user-provided source code and diffs, creating a surface for indirect prompt injection if those files contain malicious instructions aimed at the agent.\n
  • Ingestion points: The skill reads file content and diffs from the '$scope' parameter as described in Phase 0 and Phase 1 of SKILL.md.\n
  • Boundary markers: There are no explicit instructions or delimiters defined to separate the code being analyzed from the agent's control logic.\n
  • Capability inventory: The skill utilizes 'Bash', 'Write', and 'Edit' tools (SKILL.md) to modify the codebase and execute commands, which could be exploited if an indirect injection is successful.\n
  • Sanitization: The instructions do not specify any steps to sanitize, filter, or validate the input code content before it is processed by the AI.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 09:15 AM
Security Audit — agent-trust-hub — auto-simplify