simplify-code
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local commands to interact with the repository and validate changes.
- Evidence: Uses
git diffandgit diff --cachedto retrieve code changes. - Evidence: Executes project-specific validation commands such as tests, typecheckers, and linters (e.g., in Step 5).
- [DATA_EXFILTRATION]: The skill reads local project files, including source code and documentation like
AGENTS.md, but no network exfiltration patterns or unauthorized data transmission were detected. - [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it processes untrusted data from the repository.
- Ingestion points: The skill reads code diffs and local instruction files (e.g.,
AGENTS.md, architecture docs). - Boundary markers: Absent. The instructions do not specify delimiters or provide sub-agents with warnings to ignore embedded instructions within the processed code.
- Capability inventory: File system read, file system write (applying fixes), and execution of validation scripts (tests/linting).
- Sanitization: Absent. Code and documentation content are aggregated and processed without sanitization or filtering.
Audit Metadata