code-simplifier
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to run project-defined scripts such as 'npm test', 'pytest', and 'npm run build'. This facilitates the execution of arbitrary code or commands that may be defined within the local repository's testing or build configuration.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and processes source code from external files without sanitization or strict boundary markers.
  - Ingestion points: Project source files read through the Read, Glob, and Grep tools.
  - Boundary markers: The instructions do not define delimiters or specific system-level warnings to distinguish between source code data and agent instructions.
  - Capability inventory: The skill possesses significant capabilities including the ability to modify the filesystem (Edit, Write) and execute shell commands (Bash).
  - Sanitization: No input validation or filtering is performed on the content of the files being simplified, which could lead to the agent following instructions hidden in code comments.
Audit Metadata