code-simplify
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection. It ingests and processes code from external files provided via arguments, which may contain malicious instructions hidden in comments designed to hijack the agent's logic.
- Ingestion points: The agent reads the content of the file specified in the $ARGUMENTS variable.
- Boundary markers: The skill lacks delimiters or explicit instructions to the agent to treat the ingested file content strictly as data rather than instructions.
- Capability inventory: The agent is granted the ability to read from and 'directly modify' (write) files on the local filesystem.
- Sanitization: There is no mechanism described to sanitize, escape, or validate the content of the target file before processing.
- [COMMAND_EXECUTION]: The skill is instructed to 'directly modify' and 'reconstruct' code without seeking user confirmation. This autonomous write capability, while intended for refactoring, represents a risk if the agent's behavior is influenced by adversarial input within the file being processed.
Audit Metadata