simplify-diff

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: LOW | PROMPT_INJECTION | NO_CODE
Full Analysis
  • Indirect Prompt Injection (LOW): The skill processes untrusted external content (code snippets and diffs), which constitutes an attack surface.
      • Ingestion points: The workflow instructions in SKILL.md explicitly involve reviewing provided files and snippets.
      • Boundary markers: There are no delimiters or instructions provided to the agent to ignore or isolate embedded instructions within the snippets.
      • Capability inventory: The skill is limited to generating text and code suggestions; it does not contain any code or scripts to execute commands, modify files, or access the network.
      • Sanitization: No validation or sanitization logic is present to handle malicious code comments or diff markers.
  • No Executable Code (SAFE): The skill is entirely declarative, consisting only of metadata and markdown documentation. It does not include any Python or Node.js scripts, nor does it define any remote download or execution patterns.
Audit Metadata
  • Risk Level: LOW
  • Analyzed: Feb 17, 2026, 12:22 AM