code-simplifier
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Prompt Injection (HIGH): Vulnerable to indirect prompt injection through the ingestion of untrusted code content.
  * Ingestion points: Processes files identified via git diff in SKILL.md, which may include attacker-controlled content from pull requests.
  * Capability inventory: The code-simplifier subagent is designed to perform refactors, implying write access to the codebase.
  * Boundary markers: The prompt template lacks delimiters to separate instructions from the code being processed.
  * Sanitization: No validation or filtering is performed on the content of the files before they are passed to the subagent.
- Command Execution (LOW): Uses git diff to identify target files. While this executes a shell command, it is restricted to a standard development tool and does not allow for arbitrary command injection based on the provided logic.
Recommendations
- AI detected serious security threats
Audit Metadata