skill-simplify
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted external files.
  - Ingestion points: The skill uses the `Read` tool to ingest the content of a target file in `SKILL.md` and `phases/01-analysis.md`.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore potentially malicious embedded instructions within the files being analyzed.
  - Capability inventory: The skill utilizes powerful tools including `Read`, `Write`, `Edit`, `Bash`, `Glob`, and `Grep` across its execution phases.
  - Sanitization: The instructions do not define any sanitization, escaping, or validation logic for the content read from the external files before it is processed or used in analysis results.
- [COMMAND_EXECUTION]: While the skill includes `Bash` in its `allowed-tools` and identifies bash command blocks for optimization, the logic provided is restricted to text-based refactoring and does not demonstrate the execution of arbitrary or attacker-controlled shell commands.
- [DATA_EXFILTRATION]: The skill performs local file read and write operations on target markdown files. It does not contain any network-enabled tools or patterns suggesting the transmission of data to external domains.
Audit Metadata