polishing
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill exhibits an indirect prompt injection surface as it ingests untrusted content from branch diffs and external skill definitions to perform code modifications. However, this is a standard risk for its intended primary purpose as a code review tool. 1. Ingestion points: Branch diffs and skill files within the .agents/skills/ directory. 2. Boundary markers: Absent. 3. Capability inventory: Spawns subagents and modifies file content (e.g., removing 'AI slop' or fixing guideline deviations). 4. Sanitization: No explicit sanitization of codebase data is performed.
- [Command Execution] (SAFE): The skill uses local tool invocations and git operations for codebase analysis, which are necessary for its administrative functions and pose no risk of privilege escalation or exfiltration.
Audit Metadata