deslop
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface inherent to its design and functionality.
- Ingestion points: Target code files identified through session history or git diff output (SKILL.md, Step 1).
- Boundary markers: Absent. The skill does not define specific delimiters or protective instructions to isolate ingested code content from the agent's context.
- Capability inventory: The skill can read repository files, perform write operations, and utilize parallel subagents.
- Sanitization: Absent. Code content is processed for refactoring without prior filtering for potentially malicious instructions embedded in the data.
Audit Metadata