code-slimming
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows security best practices by enforcing a read-only boundary and explicitly routing security-sensitive audits to dedicated skills. No malicious code or exfiltration patterns were identified.
- [COMMAND_EXECUTION]: The skill instructions include the use of common, non-destructive git commands (e.g., "git diff", "git rev-parse") to gather repository context. These commands are standard for code analysis and do not pose a security risk in this context.
- [PROMPT_INJECTION]: The skill analyzes external code, which is a potential surface for indirect prompt injection (Category 8). However, the risk is considered safe given the skill's limited read-only scope and focus on reporting refactoring opportunities rather than execution.
- Ingestion points: Processes project manifests (package.json, etc.), source files, and git diffs as described in Step 1 and Step 2.
- Boundary markers: Encourages a "read-only boundary" check but lacks explicit data delimiters for ingested code.
- Capability inventory: Capabilities are limited to file reading and informational git commands; it specifically prohibits code modification.
- Sanitization: No explicit sanitization or filtering of ingested code content is instructed.
Audit Metadata