deslop
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to indirect prompt injection due to its core function of processing external code diffs.
- Ingestion points: The skill instructions in SKILL.md direct the agent to 'Check the diff against main'.
- Boundary markers: Absent. There are no delimiters or instructions to treat the diff content strictly as data or to ignore embedded instructions within the code.
- Capability inventory: The skill has the capability to modify source code based on the patterns it identifies in the diff.
- Sanitization: Absent. There is no mention of validating or escaping the input code before the agent processes it.
- No Code (SAFE): This skill contains only markdown instructions for the AI agent and does not include any executable scripts, binaries, or configuration files that could hide traditional malware.
Audit Metadata