normalize
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by instructing the agent to analyze and refactor external feature code without utilizing boundary markers or safety delimiters. This could allow malicious instructions embedded within the analyzed codebase to override agent behavior during the normalization process.
- Ingestion points: Source code for features and UI components identified via the 'feature' argument or discovery searches (SKILL.md).
- Boundary markers: None present. The skill does not instruct the agent to treat external file content as untrusted data or use delimiters to separate data from instructions.
- Capability inventory: The skill has the capability to modify and delete files ('Remove orphaned code') and execute shell commands for linting and testing (SKILL.md).
- Sanitization: No sanitization, escaping, or validation of the ingested code content is specified prior to processing.
Audit Metadata