code-simplify
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run local shell commands like `npm test`, `pytest`, `cargo test`, and `git log` to establish baselines and verify that modifications do not alter code behavior. These are standard developer operations and are controlled by explicit instruction gates.
- [PROMPT_INJECTION]: The skill processes untrusted user-provided source code, creating a surface for indirect prompt injection. This risk is addressed through a mandatory verification protocol that requires the agent to understand the logic before editing.
  - Ingestion points: User-provided source files and project configuration files like `CLAUDE.md`.
  - Boundary markers: Employs explicit `<EXTREMELY-IMPORTANT>` blocks and a seven-step checklist to isolate instructions from data processing.
  - Capability inventory: Utilizes file editing tools and local bash execution for testing and git operations.
  - Sanitization: Requires a comprehensive logic review and baseline test pass before any changes are proposed or applied.
Audit Metadata