micro-polish
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes external data via the
/micro-polish <file>command. - Ingestion points: User-specified files provided as arguments to the command.
- Boundary markers: Absent. There are no instructions to delimit the content or ignore embedded instructions within the files being polished.
- Capability inventory: The skill is limited to generating text observations, rationales, and suggested refinements. It does not contain instructions for file writing, network access, or command execution.
- Sanitization: Absent. The skill does not define methods for escaping or validating the content of the files it reads.
- [NO_CODE] (SAFE): The skill consists entirely of Markdown instructions and lacks any scripts (Python, JavaScript, etc.) or configuration files that could facilitate remote code execution or persistence.
- [DATA_EXFILTRATION] (SAFE): No hardcoded credentials, sensitive file path access, or network communication patterns were detected.
Audit Metadata