code-simplifier
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection because it processes untrusted code files that could contain hidden instructions for the agent.
  - Ingestion points: Untrusted data enters the context via the 'Read', 'Glob', and 'Grep' tools which ingest file contents from the local environment.
  - Boundary markers: Absent. There are no delimiters or specific instructions provided to the subagent to ignore embedded commands within the files.
  - Capability inventory: The skill uses the 'Edit' tool for file system modification and the 'Task' tool for executing subagent workflows, which provides a high-impact exploitation path.
  - Sanitization: Absent. The agent processes raw source code, including comments, without any filtering or safety checks.
- COMMAND_EXECUTION (MEDIUM): The 'Task' tool is used to initiate subagents. If the agent is compromised via indirect prompt injection, this tool could be leveraged to execute unauthorized operations.
Recommendations
- AI detected serious security threats
Audit Metadata