deslop
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8).
  - Ingestion points: It reads git diffs and file contents via 'Read' and 'Grep' (SKILL.md).
  - Boundary markers: None are specified to separate instructions from the data being reviewed.
  - Capability inventory: The agent has 'Edit' and 'Bash' permissions, enabling it to modify the codebase or execute system commands.
  - Sanitization: No content filtering or sanitization is applied.
  - Risk: An attacker could embed malicious instructions in code comments that the agent might follow, leading to unauthorized edits or command execution.
- [COMMAND_EXECUTION] (MEDIUM): The use of the 'Bash' tool for repository operations creates a direct path for executing arbitrary commands if the agent is manipulated via the injection vector.
Recommendations
- AI detected serious security threats
Audit Metadata