Skills
skills/willbooster/agent-skills/simplify-pr-gemini/Gen Agent Trust Hub

simplify-pr-gemini

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses bunx to download and execute the latest version of @willbooster/agent-skills from the NPM registry. This package is an official resource provided by the skill author.
  • [COMMAND_EXECUTION]: The skill executes the simplify command via the author's CLI tool to modify pull request content. The instructions include a specific directive to allow the command to run for up to one hour.
  • [INDIRECT_PROMPT_INJECTION]:
  • Ingestion points: The tool likely ingests pull request data, such as code diffs and comments, which are untrusted external inputs (SKILL.md).
  • Boundary markers: No explicit boundary markers or delimiters are defined in the skill instructions to separate untrusted PR data from the agent's instructions.
  • Capability inventory: The skill has the capability to execute shell commands via bunx (SKILL.md).
  • Sanitization: The skill does not specify sanitization methods; security relies on the implementation of the external @willbooster/agent-skills package.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 11, 2026, 12:49 AM
Security Audit — agent-trust-hub — simplify-pr-gemini