skills/ssiumha/dots/tidy/Gen Agent Trust Hub

tidy

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill ingests untrusted data by reading code from the local repository to identify tidying patterns. An attacker could theoretically embed malicious instructions in code comments to influence the agent's behavior.
    1. Ingestion points: Local repository files via Git and file-read operations (Workflow 1 & 2).
    2. Boundary markers: None explicitly defined to separate code from instructions.
    3. Capability inventory: Git command execution, file writing, and running local test suites.
    4. Sanitization: The skill uses structural pattern matching (ast-grep) which focuses on code geometry rather than natural language instructions, reducing the risk of direct execution of embedded prompts.
  • Command Execution (LOW): The skill executes Git commands and triggers local test runs. These operations are essential for the skill's primary purpose of refactoring and verification, and are scoped to the local repository environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 21, 2026, 03:27 PM