deslop
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a standard utility for static code analysis and refactoring. It does not perform network operations, access sensitive credentials, or execute arbitrary shell commands. It relies on the agent's built-in file reading capabilities to process code in the local environment.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests and processes untrusted code from files provided via $ARGUMENTS. This is documented as a potential risk factor inherent to the skill's primary function of code analysis. However, the risk is effectively mitigated by the skill's design, which requires explicit user consent before the agent performs any write operations.
  - Ingestion points: Local files identified via $ARGUMENTS (SKILL.md).
  - Boundary markers: Absent.
  - Capability inventory: Reading files and writing/modifying code files.
  - Sanitization: Absent, but mitigated by manual human review of all suggested changes.