slop-code
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a wide range of shell commands to synchronize the repository (
git pull --rebase,git stash), manage branches (git checkout -b), and run various static analysis tools dependent on the detected project stack. - [EXTERNAL_DOWNLOADS]: The orchestrator is instructed to verify and potentially run tools via
npx, which can lead to the download and execution of arbitrary packages from the npm registry at runtime. - [INDIRECT_PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection because it processes untrusted content from the target codebase.
- Ingestion points: The skill reads all files within the repository for analysis by eight specialized subagents.
- Boundary markers: The instructions do not define clear boundaries or 'ignore' instructions for content found within the codebase being cleaned.
- Capability inventory: The skill can modify and delete files, commit changes to git, and execute arbitrary shell commands for testing and typechecking.
- Sanitization: There is no evidence of sanitization or filtering of the code content before it is processed by the agent's reasoning engine.
- [DYNAMIC_EXECUTION]: The skill orchestrates eight specialized subagents using a parallel execution pattern, where each agent is given a specific role and prompt to perform deep cleanup tasks.
Audit Metadata