deslop
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection because it ingests untrusted data from git diffs without boundary markers. * Ingestion points: git diff output in SKILL.md. * Boundary markers: Absent; there are no delimiters or instructions to treat the diff content as strictly data. * Capability inventory: The agent is tasked with editing files (Remove slop, Edit for intent) and running local commands (Run tests/linters). * Sanitization: Absent. An attacker could embed instructions in comments within a branch to trick the agent into deleting legitimate code or running malicious tests.
- Command Execution (SAFE): The skill utilizes git and the GitHub CLI (gh) to view repository information and diffs. These operations are essential to the skill's stated purpose and do not represent an elevated risk in this context as they are restricted to repository metadata and diffing.
Audit Metadata