polish-skill
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user text (via file or pasted input) to drive its core editing logic and file-writing tools.
- [PROMPT_INJECTION]: Mandatory Evidence Chain: 1. Ingestion points: Academic text provided via pasted input or read from the filesystem using the Read tool. 2. Boundary markers: The skill does not define explicit delimiters or instructions to prevent the agent from following commands embedded within the input text. 3. Capability inventory: The skill uses the Read and Edit tools to access and modify local files, which could be exploited if a malicious prompt is processed. 4. Sanitization: There is no evidence of sanitization or validation logic to filter out instruction-like content from the input academic text.
Audit Metadata