deslop
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
git fetchandgit diffcommands to retrieve and compare code changes between the current branch and the main branch. These are standard operations for the skill's intended purpose. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes external, untrusted data (git diffs) and possesses write capabilities to modify the local filesystem.
- Ingestion points: Untrusted code content enters the agent context through the results of the
git diff origin/main...HEADcommand. - Boundary markers: There are no specified delimiters or instructions telling the agent to ignore natural language instructions that might be embedded within the code comments or strings being diffed.
- Capability inventory: The skill is explicitly tasked with applying edits to the codebase, implying file-write capabilities. It also has access to the shell for git operations.
- Sanitization: No sanitization, escaping, or validation of the diff content is performed before the agent processes it for 'slop' detection.
Audit Metadata