Skills
skills/danicat/skills/de-sloppify/Gen Agent Trust Hub

de-sloppify

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script scripts/slop_score.py downloads linguistic resources, including stopwords and tokenizers, from the official NLTK repository. These are trusted resources required for the script's text analysis functionality.
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to execute a local Python script using the uv package manager to calculate text metrics. The script performs localized processing of text files provided as input.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted text content from users or external files.
  • Ingestion points: Text content provided by the user or read from files specified by the user in SKILL.md.
  • Boundary markers: No specific delimiters or "ignore instructions" markers are used when the agent processes the external text.
  • Capability inventory: The skill allows for local command execution (uv run) and file system modifications via smart_edit or write_file.
  • Sanitization: There is no evidence of sanitization or filtering to prevent embedded instructions in the input text from influencing the agent's behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 12:24 AM