code-simplify
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or exfiltration attempts were detected. The skill's operations are consistent with its stated purpose.
- [COMMAND_EXECUTION]: The skill executes Git commands (git rev-parse, git diff, git ls-files) to identify modified files. It also instructs the agent to run project-specific verification tools such as linters, formatters, and test suites. These are standard operations for coding assistants and do not pose an elevated risk.
- [PROMPT_INJECTION]: The skill processes untrusted local source code, which constitutes a surface for indirect prompt injection. (1) Ingestion points: Local source files read during the baseline and simplification steps. (2) Boundary markers: Absent. (3) Capability inventory: Git command execution and arbitrary shell execution via local verification scripts (npm test, etc.). (4) Sanitization: Absent. This risk is assessed as safe because these capabilities are required for the primary function of a developer tool.
Audit Metadata