code-simplifier

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill's core function is to ingest and process "recently modified code" from the workspace, which represents a significant attack surface.
      • Ingestion points: Modified source code within the agent's workspace (referenced in SKILL.md).
      • Boundary markers: Absent. The instructions do not define delimiters or provide warnings to ignore instructions embedded within the code being analyzed.
      • Capability inventory: The skill is intended to "apply refinements" and "refine code immediately," which necessitates file-write permissions.
      • Sanitization: Absent. There is no logic to filter or escape instructions found in code comments or string literals.
  • [Command Execution] (MEDIUM): The skill operates autonomously to modify executable code. If the agent follows malicious instructions injected via the code it is 'simplifying', it could be coerced into writing malicious logic or backdoors into the production codebase.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 08:01 AM