simplify

The skill simplify is a declarative description of a multi-agent workflow. It outlines steps for code analysis and simplification using internal sub-agents (e.g., complexity-analyzer, pattern-checker).

1. Prompt Injection: No patterns indicative of prompt injection were found. The use of 'IMPORTANT' is for instructional emphasis within the workflow description, not an attempt to override the agent's behavior.
2. Data Exfiltration: The skill uses git diff --name-only HEAD~3 2>/dev/null to determine the scope of recent changes. This command is benign, only listing file names, and does not access sensitive file paths or exfiltrate data to external servers. No other network operations or sensitive file access were detected.
3. Obfuscation: No obfuscated content (Base64, zero-width characters, homoglyphs, URL/hex/HTML encoding) was found in the skill description.
4. Unverifiable Dependencies: The skill describes calls to Task(subagent_type="simplify:..."). These refer to internal sub-agents or capabilities within the agent system, not external packages or scripts downloaded from unverified sources. Therefore, there are no unverifiable dependencies.
5. Privilege Escalation: No commands like sudo, chmod +x, chmod 777, or attempts to install services were found.
6. Persistence Mechanisms: No attempts to modify system configuration files, user profiles (.bashrc), or create scheduled tasks (crontab) were detected.
7. Metadata Poisoning: The skill's metadata (name, description, argument-hint) is clean and accurately reflects its purpose, with no hidden malicious instructions.
8. Indirect Prompt Injection: While the skill processes external code (from files or git diff output), which could theoretically contain indirect prompt injection attempts if the code itself is malicious, the skill's instructions themselves do not contain such vulnerabilities. This is an inherent risk for any skill that processes user-provided or external content, but not a direct vulnerability in the skill's design.
9. Time-Delayed / Conditional Attacks: No conditional logic based on dates, times, usage counts, or environment variables that could trigger malicious behavior was found.

Overall, the skill is a high-level description of an agent workflow and does not contain any direct executable code that poses a security risk. The git diff command is a standard, safe operation for determining file scope.