simplify
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill instructs the agent to run 'uv run pytest -v' in Step 5. Pytest automatically discovers and executes code in files matching test patterns. If the code being simplified or its associated tests are untrusted, this command results in arbitrary code execution on the agent's host environment.
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted code from files and has the capability to execute logic via a test runner. Ingestion points: Step 1 reads files into the agent context to analyze structure. Boundary markers: Absent; there are no instructions to use delimiters or to ignore embedded instructions within the code files. Capability inventory: The 'uv run pytest -v' command in Step 5 provides a mechanism to execute code from the ingested files. Sanitization: Absent; the skill does not include any validation or sanitization steps before execution.
Recommendations
- AI detected serious security threats
Audit Metadata