auto-simplify
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests and processes user-provided source code and diffs, creating a surface for indirect prompt injection if those files contain malicious instructions aimed at the agent.\n
- Ingestion points: The skill reads file content and diffs from the '$scope' parameter as described in Phase 0 and Phase 1 of SKILL.md.\n
- Boundary markers: There are no explicit instructions or delimiters defined to separate the code being analyzed from the agent's control logic.\n
- Capability inventory: The skill utilizes 'Bash', 'Write', and 'Edit' tools (SKILL.md) to modify the codebase and execute commands, which could be exploited if an indirect injection is successful.\n
- Sanitization: The instructions do not specify any steps to sanitize, filter, or validate the input code content before it is processed by the AI.
Audit Metadata