simplify-and-harden

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Flags: PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted code changes (diffs and full file content) and has the capability to modify the file system. This creates a surface for indirect prompt injection where malicious instructions embedded in the code being reviewed could influence the agent's actions.
  • Ingestion points: Reads task diffs and modified executable source files (e.g., *.ts, *.py) during the Simplify and Harden passes.
  • Boundary markers: Absent; there are no instructions to the agent to distinguish between its own logic and instructions that might be present in the code data.
  • Capability inventory: The agent is authorized to modify source files directly for cosmetic fixes and security patches.
  • Sanitization: No sanitization or validation is performed on the code content before it is processed by the agent.
  • [DATA_EXFILTRATION]: The Self-Improvement Integration mechanism records security findings into a local Markdown file (.learnings/LEARNINGS.md). While intended for improvement, this could result in sensitive information (such as snippets of vulnerable code or identified secrets) being stored in plain text and potentially committed to a version control system.
  • [EXTERNAL_DOWNLOADS]: Installation instructions recommend using npx to download the skill from the author's public repository. This is a standard installation pattern and targets the vendor's own infrastructure.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 04:49 PM