deslop
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill creates a significant attack surface by reading untrusted code content and maintaining write access to the codebase.
  - Ingestion points: The agent reads diffs and file contents from the current branch as part of its 'cleaning' task.
  - Boundary markers: Absent. There are no delimiters or instructions to prevent the agent from interpreting embedded code comments as new commands.
  - Capability inventory: The agent is authorized to modify files and delete code, including 'defensive checks' and 'try/catch blocks'.
  - Sanitization: None. The agent processes the code directly without sanitizing or validating the input against a safe schema.
- Security Weakening (MEDIUM): The instruction to remove 'defensive checks' or 'try/catch blocks' based on subjective 'abnormality' is inherently risky. This could lead the agent to remove critical security boundaries or error handling logic that it misinterprets as AI-generated 'slop'.
Recommendations
- AI detected serious security threats
Audit Metadata