code-simplifier
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes local project files and configuration files (such as .cursorrules and CLAUDE.md) that could contain malicious instructions designed to manipulate the agent's behavior during the code simplification process.\n
- Ingestion points: Files are read using the Read, Grep, Glob, and Bash tools as outlined in the workflow of SKILL.md.\n
- Boundary markers: There are no defined delimiters or instructions provided to the agent to treat external file content as untrusted or to ignore embedded commands.\n
- Capability inventory: The skill possesses the capability to modify files using the Edit tool and execute shell commands via the Bash tool.\n
- Sanitization: There is no mechanism described for sanitizing or validating the input from these files before it influences the agent's code modification logic.\n- [COMMAND_EXECUTION]: The skill uses the Bash tool to interact with the local operating system and repository environment.\n
- Evidence: The workflow in SKILL.md uses Bash to identify modified files via git commands (git diff, git status) and to execute verification tools such as linters, formatters, and test suites.
Audit Metadata