remove-ai-slop
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is highly vulnerable to malicious instructions embedded in the source code it is tasked with cleaning.
- Ingestion points: Git diff output from 'git diff master' (SKILL.md workflow).
- Boundary markers: Absent. There is no mechanism to distinguish between legitimate code and adversarial instructions within the diff or surrounding context.
- Capability inventory: File system write access (implied by the instruction to 'Remove slop patterns').
- Sanitization: Absent. The agent treats the code content as data to be acted upon without validation, allowing an attacker to suggest that critical security logic (e.g., authentication checks) is 'redundant slop' that should be deleted.
- [Command Execution] (LOW): Executes shell commands to interact with the version control system.
- Evidence: 'git diff master --name-only' and 'git diff master -- ' are executed to retrieve file lists and content.
Recommendations
- AI detected serious security threats
Audit Metadata