simplify-code
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill does not contain any obfuscated code, hidden instructions, or attempts to access sensitive system data. Its operations are transparent and consistent with the stated purpose of code simplification and refactoring.
- [COMMAND_EXECUTION]: The skill utilizes the 'git diff' command to identify changes in the source code. This is a standard and safe operation within a development environment, used here specifically to provide context for the review agents.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes source code changes which could contain malicious instructions embedded in comments.
  1. Ingestion points: Changed files retrieved via git diff.
  2. Boundary markers: No explicit delimiters or instructions to ignore code-embedded commands are provided.
  3. Capability inventory: Uses the Agent tool to launch sub-agents and possesses the ability to edit local files.
  4. Sanitization: None.

  While this surface exists, it is inherent to the primary function of a code-review tool and does not escalate the security verdict.
Audit Metadata