normalize
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions use markers like 'CRITICAL' and 'IMPORTANT' for design emphasis, which is benign. However, the skill processes untrusted features and local documentation, creating an indirect prompt injection surface. Ingestion points: 'feature' argument and files searched via 'grep'. Boundary markers: Absent. Capability inventory: Instructions to modify code and execute validation commands. Sanitization: Absent.
- [COMMAND_EXECUTION]: The skill directs the agent to execute validation tools such as linters, type-checkers, and test suites to verify quality after normalization. This is a standard part of the developer workflow.
- [DATA_EXPOSURE]: The agent is instructed to use 'grep' to search for design documentation within the repository. This data access is localized to the repository context and does not target sensitive system credentials.
Audit Metadata