humanizer
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill uses local system utilities including
bash,sed,grep, andpython3. Thepython3call inscripts/humanizeis used strictly for Unicode normalization (NFKC) via a static one-line script. There are no external package installations or remote script executions. - [Data Exposure & Exfiltration] (SAFE): The script processes input via stdin or local files. It does not contain any network-reaching commands (curl, wget) or hardcoded credentials. It does not access sensitive system paths.
- [Indirect Prompt Injection] (SAFE): The skill processes untrusted user text as input for cleaning. However, it lacks the necessary capability tier for this to be a risk; the script only performs character replacement and regex searches without executing the content of the text or sending it to external services. No capability for file-writing or network exfiltration exists.
- [Obfuscation] (SAFE): Hexadecimal escape sequences are used in the Bash script to represent specific Unicode characters (e.g., em dashes, non-breaking spaces) for replacement. This is a standard programming practice for character handling and not a malicious attempt to hide code.
Audit Metadata