simplify
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to perform local repository operations and run developer utilities. It usesgit diffto identify modified files, runsnpm testandnpm run typecheckfor validation, and executes analysis tools likejscpdandast-grep(sg). These actions are aligned with the skill's stated purpose of code maintenance. - [EXTERNAL_DOWNLOADS]: The skill uses
npxto execute thejscpdandtscpackages. This may involve downloading the packages from the public npm registry if they are not present in the local cache. This is standard behavior for JavaScript/TypeScript development environments. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it reads and processes external data (source code files) that could be controlled by an attacker. This data is then used to guide the agent's refactoring actions.
- Ingestion points: Reads files identified via
git diff, theReadtool, and output from analysis tools likejscpdandsginSKILL.md. - Boundary markers: The skill does not employ explicit delimiters or system instructions to ignore potential commands embedded within the source code being analyzed.
- Capability inventory: The agent has access to
Bashfor command execution andEditfor file modification across the project. - Sanitization: The skill does not implement sanitization or filtering of the code content before it is processed by the model for simplification.
Audit Metadata