simplify-pr-codex

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS · COMMAND_EXECUTION · PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads and executes the @willbooster/agent-skills package from the NPM registry using bunx. This is a vendor-owned resource used for the skill's primary function.
  • [COMMAND_EXECUTION]: Executes the simplify command via bunx. The instructions include a specific directive to allow the command to run for one hour without interruption.
  • [PROMPT_INJECTION]: The skill processes pull request content, creating a surface for indirect prompt injection where malicious instructions embedded in a PR could influence the agent's behavior.
      • Ingestion points: Pull request data processed by the simplify command in SKILL.md.
      • Boundary markers: Not specified in the instructions.
      • Capability inventory: Execution of shell commands via bunx as defined in SKILL.md.
      • Sanitization: Not specified.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 11, 2026, 12:49 AM
Security Audit — agent-trust-hub — simplify-pr-codex