clean-slop
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes code diffs from Git branches, which serves as a potential vector for indirect prompt injection if the code being cleaned contains malicious instructions embedded as comments.
  - Ingestion points: Ingests untrusted code content via `git diff main...HEAD` as described in `SKILL.md`.
  - Boundary markers: No delimiters or instructions are provided to the agent to ignore instructions found within the diff data.
  - Capability inventory: The agent can perform file system modifications and execute shell commands (git).
  - Sanitization: No validation or sanitization is performed on the ingested diff content.
- [PROMPT_INJECTION]: There is a discrepancy between the version in the frontmatter (3.0.0) and the body (v2.88). This metadata inconsistency can be deceptive or misleading regarding the skill's actual version and features.
Audit Metadata