Skills
skills/agmangas/agent-skills/desloppify/Gen Agent Trust Hub

desloppify

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the desloppify[full] package from PyPI and fetches guidance using desloppify update-skill claude during the setup phase.
  • [COMMAND_EXECUTION]: The skill relies on executing various CLI commands through the desloppify tool, including scan, next, plan, and exclude to perform its primary function.
  • [PROMPT_INJECTION]: A surface for indirect prompt injection exists because the agent is instructed to follow instructions provided by the desloppify tool, which processes untrusted data from the repository being scanned.
  • Ingestion points: Repository files at SCAN_PATH processed by desloppify scan.
  • Boundary markers: Absent; the agent is told to follow the tool's instructions without explicit constraints against embedded instructions in the codebase.
  • Capability inventory: File-write access is implied as the agent is tasked with fixing code problems based on tool output.
  • Sanitization: None; the agent reads and acts on the tool's issue descriptions directly.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 09:21 AM